diff options
author | security tracker role <sectracker@debian.org> | 2017-05-11 21:10:12 +0000 |
---|---|---|
committer | security tracker role <sectracker@debian.org> | 2017-05-11 21:10:12 +0000 |
commit | 9d0583f29b270cfc325167e1e3f57925358fa694 (patch) | |
tree | c2643cbca6a0fa2f19d38129a9b95672db94c2a3 | |
parent | 13c8e3146c354d8dd5379744c332926c5ed63473 (diff) |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@51554 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/2001.list | 22 | ||||
-rw-r--r-- | data/CVE/2002.list | 26 | ||||
-rw-r--r-- | data/CVE/2003.list | 54 | ||||
-rw-r--r-- | data/CVE/2004.list | 58 | ||||
-rw-r--r-- | data/CVE/2005.list | 126 | ||||
-rw-r--r-- | data/CVE/2006.list | 154 | ||||
-rw-r--r-- | data/CVE/2007.list | 80 | ||||
-rw-r--r-- | data/CVE/2008.list | 214 | ||||
-rw-r--r-- | data/CVE/2009.list | 114 | ||||
-rw-r--r-- | data/CVE/2010.list | 198 | ||||
-rw-r--r-- | data/CVE/2011.list | 270 | ||||
-rw-r--r-- | data/CVE/2012.list | 534 | ||||
-rw-r--r-- | data/CVE/2013.list | 690 | ||||
-rw-r--r-- | data/CVE/2014.list | 904 | ||||
-rw-r--r-- | data/CVE/2015.list | 938 | ||||
-rw-r--r-- | data/CVE/2016.list | 1834 | ||||
-rw-r--r-- | data/CVE/2017.list | 42 |
17 files changed, 3138 insertions, 3120 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list index f429579bd1..c9c75ebc0a 100644 --- a/data/CVE/2001.list +++ b/data/CVE/2001.list @@ -2391,15 +2391,15 @@ CVE-2001-0818 (A buffer overflow the '\s' console command in MDBMS 0.99b9 and ea CVE-2001-0817 (Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0814 - RESERVED + REJECTED CVE-2001-0813 - RESERVED + REJECTED CVE-2001-0812 - RESERVED + REJECTED CVE-2001-0811 - RESERVED + REJECTED CVE-2001-0810 - RESERVED + REJECTED CVE-2001-0809 (Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0808 (gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers ...) @@ -2407,13 +2407,13 @@ CVE-2001-0808 (gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote atta CVE-2001-0807 (Internet Explorer 5.0, and possibly other versions, may allow remote ...) NOT-FOR-US: Microsoft CVE-2001-0802 - RESERVED + REJECTED CVE-2001-0800 (lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0799 (Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0798 - RESERVED + REJECTED CVE-2001-0795 (Perception LiteServe 1.25 allows remote attackers to obtain source ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0794 (Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers ...) @@ -2558,13 +2558,13 @@ CVE-2001-0669 (Various Intrusion Detection Systems (IDS) including (1) Cisco Sec CVE-2001-0661 RESERVED CVE-2001-0657 - RESERVED + REJECTED CVE-2001-0656 - RESERVED + REJECTED CVE-2001-0655 - RESERVED + REJECTED CVE-2001-0654 - RESERVED + REJECTED CVE-2001-0649 (Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0647 (Orange Web Server 2.1, based on GoAhead, allows a remote attacker to ...) diff --git a/data/CVE/2002.list b/data/CVE/2002.list index 2e3f31d842..4a506c023d 100644 --- a/data/CVE/2002.list +++ b/data/CVE/2002.list @@ -2172,23 +2172,23 @@ CVE-2002-1306 (Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, a {DSA-214} - kdenetwork 4:2.2.2-14.20 CVE-2002-1305 - RESERVED + REJECTED CVE-2002-1304 - RESERVED + REJECTED CVE-2002-1303 - RESERVED + REJECTED CVE-2002-1302 - RESERVED + REJECTED CVE-2002-1301 - RESERVED + REJECTED CVE-2002-1300 - RESERVED + REJECTED CVE-2002-1299 - RESERVED + REJECTED CVE-2002-1298 - RESERVED + REJECTED CVE-2002-1297 - RESERVED + REJECTED CVE-2002-1295 (The Microsoft Java implementation, as used in Internet Explorer, ...) NOT-FOR-US: Microsoft CVE-2002-1294 (The Microsoft Java implementation, as used in Internet Explorer, can ...) @@ -4408,11 +4408,11 @@ CVE-2002-0637 (InterScan VirusWall 3.52 build 1462 allows remote attackers to by CVE-2002-0636 RESERVED CVE-2002-0635 - RESERVED + REJECTED CVE-2002-0634 - RESERVED + REJECTED CVE-2002-0633 - RESERVED + REJECTED CVE-2002-0632 (Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier ...) NOT-FOR-US: SGI CVE-2002-0629 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...) @@ -5146,7 +5146,7 @@ CVE-2002-0039 (rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier ... CVE-2002-0037 (Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0035 - RESERVED + REJECTED CVE-2002-0034 (The Microsoft CONVERT.EXE program, when used on Windows 2000 and ...) NOT-FOR-US: Microsoft CVE-2002-0031 (Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows ...) diff --git a/data/CVE/2003.list b/data/CVE/2003.list index de4b2fb155..da341bcc62 100644 --- a/data/CVE/2003.list +++ b/data/CVE/2003.list @@ -793,9 +793,9 @@ CVE-2003-1220 (BEA WebLogic Server proxy plugin for BEA Weblogic Express and Ser CVE-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link function ...) NOT-FOR-US: osCommerce CVE-2003-1218 - RESERVED + REJECTED CVE-2003-1217 - RESERVED + REJECTED CVE-2003-1216 (SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier ...) - phpbb2 2.0.8a-1 CVE-2003-1215 (SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier ...) @@ -1329,9 +1329,9 @@ CVE-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial o CVE-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users ...) NOT-FOR-US: rcp CVE-2003-0953 - RESERVED + REJECTED CVE-2003-0952 - RESERVED + REJECTED CVE-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate ...) NOT-FOR-US: HP-UX CVE-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to ...) @@ -1393,19 +1393,19 @@ CVE-2003-0925 (Buffer overflow in Ethereal 0.9.15 and earlier allows remote atta {DSA-407} - ethereal 0.9.16-0.1 CVE-2003-0923 - RESERVED + REJECTED CVE-2003-0922 - RESERVED + REJECTED CVE-2003-0921 - RESERVED + REJECTED CVE-2003-0920 - RESERVED + REJECTED CVE-2003-0919 - RESERVED + REJECTED CVE-2003-0918 - RESERVED + REJECTED CVE-2003-0917 - RESERVED + REJECTED CVE-2003-0916 RESERVED CVE-2003-0915 @@ -1497,7 +1497,7 @@ CVE-2003-0875 (Symbolic link vulnerability in the slpd script slpd.all_init for CVE-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier ...) NOT-FOR-US: Deskpro CVE-2003-0873 - RESERVED + REJECTED CVE-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to ...) NOT-FOR-US: SCO CVE-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X ...) @@ -1505,9 +1505,9 @@ CVE-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac CVE-2003-0870 (Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote ...) NOT-FOR-US: Opera CVE-2003-0869 - RESERVED + REJECTED CVE-2003-0868 - RESERVED + REJECTED CVE-2003-0867 REJECTED CVE-2003-0866 (The Catalina org.apache.catalina.connector.http package in Tomcat ...) @@ -1659,11 +1659,11 @@ CVE-2003-0802 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers CVE-2003-0801 (Cross-site scripting (XSS) vulnerability in Nokia Electronic ...) NOT-FOR-US: Nokia CVE-2003-0800 - RESERVED + REJECTED CVE-2003-0799 - RESERVED + REJECTED CVE-2003-0798 - RESERVED + REJECTED CVE-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 ...) NOT-FOR-US: SGI IRIX CVE-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 ...) @@ -1791,7 +1791,7 @@ CVE-2003-0743 (Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before CVE-2003-0742 (SCO Internet Manager (mana) allows local users to execute arbitrary ...) NOT-FOR-US: SCO CVE-2003-0741 - RESERVED + REJECTED CVE-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor ...) - stunnel 2:3.26 (bug #278942) - stunnel4 2:4.04 @@ -1922,7 +1922,7 @@ CVE-2003-0685 (Buffer overflow in Netris 0.52 and earlier, and possibly other .. {DSA-372} - netris 0.52-1 CVE-2003-0684 - RESERVED + REJECTED CVE-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in ...) NOT-FOR-US: SGI CVE-2003-0682 ("Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a ...) @@ -1936,7 +1936,7 @@ CVE-2003-0680 (Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may CVE-2003-0679 (Unknown vulnerability in the libcpr library for the Checkpoint/Restart ...) NOT-FOR-US: SGI IRIX CVE-2003-0678 - RESERVED + REJECTED CVE-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to ...) NOT-FOR-US: Cisco CVE-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet ...) @@ -2172,13 +2172,13 @@ CVE-2003-0573 (The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and . CVE-2003-0572 (Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...) NOT-FOR-US: IRIX CVE-2003-0571 - RESERVED + REJECTED CVE-2003-0570 - RESERVED + REJECTED CVE-2003-0569 - RESERVED + REJECTED CVE-2003-0568 - RESERVED + REJECTED CVE-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause ...) NOT-FOR-US: Cisco CVE-2003-0566 @@ -2491,7 +2491,7 @@ CVE-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 - semi 1.14.5+20030609-1 (bug #223456) - wemi <removed> CVE-2003-0439 - RESERVED + REJECTED CVE-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...) {DSA-325} - eldav 0.7.2-1 @@ -3042,9 +3042,9 @@ CVE-2003-0201 (Buffer overflow in the call_trans2open function in trans2.c for S {DSA-280} - samba 3.0 CVE-2003-0200 - RESERVED + REJECTED CVE-2003-0199 - RESERVED + REJECTED CVE-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the permissions of ...) NOT-FOR-US: MacOS CVE-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local ...) diff --git a/data/CVE/2004.list b/data/CVE/2004.list index ebfc927965..6046625d05 100644 --- a/data/CVE/2004.list +++ b/data/CVE/2004.list @@ -2977,7 +2977,7 @@ CVE-2004-1346 (The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local us CVE-2004-1345 (Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) ...) NOT-FOR-US: Sun StorEdge Enterprise Storage Manager CVE-2004-1344 - RESERVED + REJECTED CVE-2004-1343 (CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when ...) {DSA-715-1} - cvs 1:1.12.9-12 @@ -3833,7 +3833,7 @@ CVE-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...) - cscope 15.5-1.1 (bug #282815) NOTE: Patch in debian bts from ubuntu is good. All other patches are crap. CVE-2004-0995 - RESERVED + REJECTED CVE-2004-0994 (Multiple integer overflows in xzgv 0.8 and earlier allow remote ...) {DSA-614-1} NOTE: only indication that it's this CVE is in the debian package changelog @@ -4202,23 +4202,23 @@ CVE-2004-0863 CVE-2004-0862 RESERVED CVE-2004-0861 - RESERVED + REJECTED CVE-2004-0860 - RESERVED + REJECTED CVE-2004-0859 - RESERVED + REJECTED CVE-2004-0858 - RESERVED + REJECTED CVE-2004-0857 - RESERVED + REJECTED CVE-2004-0856 - RESERVED + REJECTED CVE-2004-0855 - RESERVED + REJECTED CVE-2004-0854 - RESERVED + REJECTED CVE-2004-0853 - RESERVED + REJECTED CVE-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute ...) {DSA-611-1} - htget <removed> @@ -4293,7 +4293,7 @@ CVE-2004-0820 (Winamp before 5.0.4 allows remote attackers to execute arbitrary CVE-2004-0819 (The bridge functionality in OpenBSD 3.4 and 3.5, when running a ...) NOT-FOR-US: openbsd CVE-2004-0818 - RESERVED + REJECTED CVE-2004-0817 (Multiple heap-based buffer overflows in the imlib BMP image handler ...) {DSA-548-2} - imlib+png2 1.9.14-16.2 @@ -4463,7 +4463,7 @@ CVE-2004-0757 (Heap-based buffer overflow in the SendUidl in the POP3 capability - mozilla 2:1.7 - mozilla-firefox 0.9 CVE-2004-0756 - RESERVED + REJECTED CVE-2004-0755 (The FileStore capability in CGI::Session for Ruby before 1.8.1, and ...) {DSA-537} - ruby1.8 1.8.1+1.8.2pre1-4 @@ -4939,7 +4939,7 @@ CVE-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and bef {DSA-555-1} - freenet6 1.0-2.2 CVE-2004-0562 - RESERVED + REJECTED CVE-2004-0561 (Format string vulnerability in the log routine for gopher daemon ...) {DSA-638-1} - gopher 3.0.6 @@ -4960,7 +4960,7 @@ CVE-2004-0557 (Multiple buffer overflows in the st_wavstartread function in wav. {DSA-565-1} - sox 12.17.4-9 (bug #262083) CVE-2004-0556 - RESERVED + REJECTED CVE-2004-0555 (Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 ...) {DSA-643-1} - queue 1.30.1-5 @@ -5158,9 +5158,9 @@ CVE-2004-0466 (WebConnect 6.5, 6.4.4, and possibly earlier versions allows remot CVE-2004-0465 (Directory traversal vulnerability in jretest.html in WebConnect 6.5 ...) NOT-FOR-US: WebConnect CVE-2004-0464 - RESERVED + REJECTED CVE-2004-0463 - RESERVED + REJECTED CVE-2004-0462 (The built-in web servers for multiple networking devices do not set ...) NOT-FOR-US: Multiple embedded hardware vendors CVE-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when ...) @@ -5197,7 +5197,7 @@ CVE-2004-0450 (Format string vulnerability in the printlog function in log2mail {DSA-513} - log2mail 0.2.8-3 CVE-2004-0449 - RESERVED + REJECTED CVE-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and ...) {DSA-510} - jftpgw 0.13.4-1 @@ -5304,7 +5304,7 @@ CVE-2004-0408 (Buffer overflow in the child_service function in the ident2 ident CVE-2004-0407 (The HTML form upload capability in ColdFusion MX 6.1 does not reclaim ...) NOT-FOR-US: ColdFusion CVE-2004-0406 - RESERVED + REJECTED CVE-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot ...) {DSA-486} - cvs 1:1.12.5-4 (medium) @@ -5378,7 +5378,7 @@ CVE-2004-0380 (The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 . CVE-2004-0379 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...) NOT-FOR-US: Microsoft SharePoint Portal Server 2001 CVE-2004-0378 - RESERVED + REJECTED CVE-2004-0377 (Buffer overflow in the win32_stat function for (1) ActiveState's ...) - perl <not-affected> (Win32 specific) CVE-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a denial of ...) @@ -5825,21 +5825,21 @@ CVE-2004-0149 (Multiple buffer overflows in xboing before 2.4 allow local users {DSA-451} - xboing 2.4-26.1 (bug #174924) CVE-2004-0147 - RESERVED + REJECTED CVE-2004-0146 - RESERVED + REJECTED CVE-2004-0145 - RESERVED + REJECTED CVE-2004-0144 - RESERVED + REJECTED CVE-2004-0143 (Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote ...) NOT-FOR-US: Nokia mobile phones CVE-2004-0142 - RESERVED + REJECTED CVE-2004-0141 - RESERVED + REJECTED CVE-2004-0140 - RESERVED + REJECTED CVE-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI IRIX ...) NOT-FOR-US: SGI IRIX CVE-2004-0138 (The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to ...) @@ -5909,7 +5909,7 @@ CVE-2004-0101 CVE-2004-0100 RESERVED CVE-2004-0098 - RESERVED + REJECTED CVE-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers ...) {DSA-448} - pwlib 1.5.2-4 @@ -6045,7 +6045,7 @@ CVE-2004-0014 (Multiple buffer overflows in the nd WebDAV interface 0.8.2 and ea {DSA-412} - nd 0.8.2-1 CVE-2004-0012 - RESERVED + REJECTED CVE-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs in ...) {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479} - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.25-pre7) diff --git a/data/CVE/2005.list b/data/CVE/2005.list index 968d4459a8..eb7d31affc 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -833,26 +833,26 @@ CVE-2005-4546 (search.php in eggblog 2.0 allows remote attackers to obtain the f CVE-2005-4545 (Cross-site scripting (XSS) vulnerability in search.asp in NetDirect ...) NOT-FOR-US: NetDirect ShopEngine CVE-2005-4544 - RESERVED + REJECTED CVE-2005-4543 - RESERVED + REJECTED CVE-2005-4542 - RESERVED + REJECTED CVE-2005-4541 - RESERVED + REJECTED CVE-2005-4540 - RESERVED + REJECTED CVE-2005-4539 - RESERVED + REJECTED CVE-2005-4538 - RESERVED + REJECTED CVE-2005-4537 - RESERVED + REJECTED CVE-2005-4536 (Mail::Audit module in libmail-audit-perl 2.1-5, when logging is ...) {DSA-960-3} - libmail-audit-perl 2.1-5.1 (bug #344029; medium) CVE-2005-4535 - RESERVED + REJECTED CVE-2005-4533 (Argument injection vulnerability in scponlyc in scponly 4.1 and ...) {DSA-969-1} - scponly 4.6-1 (bug #344418) @@ -1729,65 +1729,65 @@ CVE-2005-4127 CVE-2005-4126 (** UNVERIFIABLE, PRERELEASE ** ...) NOT-FOR-US: Pre-Notification for RealMedia vulnerability, which never appeared CVE-2005-4125 - RESERVED + REJECTED CVE-2005-4124 - RESERVED + REJECTED CVE-2005-4123 - RESERVED + REJECTED CVE-2005-4122 - RESERVED + REJECTED CVE-2005-4121 - RESERVED + REJECTED CVE-2005-4120 - RESERVED + REJECTED CVE-2005-4119 - RESERVED + REJECTED CVE-2005-4118 - RESERVED + REJECTED CVE-2005-4117 - RESERVED + REJECTED CVE-2005-4116 - RESERVED + REJECTED CVE-2005-4115 - RESERVED + REJECTED CVE-2005-4114 - RESERVED + REJECTED CVE-2005-4113 - RESERVED + REJECTED CVE-2005-4112 - RESERVED + REJECTED CVE-2005-4111 - RESERVED + REJECTED CVE-2005-4110 - RESERVED + REJECTED CVE-2005-4109 - RESERVED + REJECTED CVE-2005-4108 - RESERVED + REJECTED CVE-2005-4107 - RESERVED + REJECTED CVE-2005-4106 - RESERVED + REJECTED CVE-2005-4105 - RESERVED + REJECTED CVE-2005-4104 - RESERVED + REJECTED CVE-2005-4103 - RESERVED + REJECTED CVE-2005-4102 - RESERVED + REJECTED CVE-2005-4101 - RESERVED + REJECTED CVE-2005-4100 - RESERVED + REJECTED CVE-2005-4099 - RESERVED + REJECTED CVE-2005-4098 - RESERVED + REJECTED CVE-2005-4097 - RESERVED + REJECTED CVE-2005-4096 - RESERVED + REJECTED CVE-2005-4095 (Directory traversal vulnerability in connector.php in the ...) NOT-FOR-US: DoceboLMS CVE-2005-4094 (connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows ...) @@ -4146,7 +4146,7 @@ CVE-2005-3126 (The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) {DSA-945-1} - antiword 0.35-2 (low) CVE-2005-3125 - RESERVED + REJECTED CVE-2005-3124 (syslogtocern in Acme thttpd before 2.23 allows local users to write ...) {DSA-883-1} - thttpd 2.23beta1-4 @@ -5101,7 +5101,7 @@ CVE-2005-2742 (SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstanc CVE-2005-2741 (Authorization Services in securityd for Apple Mac OS X 10.3.9 allows ...) NOT-FOR-US: Mac OS X CVE-2005-2740 - RESERVED + REJECTED CVE-2005-2739 (Keychain Access in Mac OS X 10.4.2 and earlier keeps a password ...) NOT-FOR-US: Mac OS X CVE-2005-2738 (Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple ...) @@ -5630,7 +5630,7 @@ CVE-2005-2530 (Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple CVE-2005-2529 (Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac ...) NOT-FOR-US: Java / Apple CVE-2005-2528 - RESERVED + REJECTED CVE-2005-2527 (Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X ...) NOT-FOR-US: Java / Apple CVE-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a ...) @@ -5959,7 +5959,7 @@ CVE-2005-2410 (Format string vulnerability in the nm_info_handler function in Ne CVE-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and earlier, ...) NOT-FOR-US: nbsmtp CVE-2005-2408 - RESERVED + REJECTED CVE-2005-2407 (A design error in Opera 8.01 and earlier allows user-assisted ...) NOT-FOR-US: Opera CVE-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site scripting ...) @@ -6098,7 +6098,7 @@ CVE-2005-2347 CVE-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...) NOT-FOR-US: Novell CVE-2005-2345 - RESERVED + REJECTED CVE-2005-2344 (The BlackBerry Attachment Service in Research in Motion (RIM) ...) NOT-FOR-US: Research in Motion CVE-2005-2343 (Research in Motion (RIM) BlackBerry Handheld web browser for ...) @@ -6524,7 +6524,7 @@ CVE-2005-2171 CVE-2005-2170 (The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint ...) NOT-FOR-US: Tivoli CVE-2005-2348 - RESERVED + REJECTED CVE-2005-2169 (Directory traversal vulnerability in source.php in Quick & Dirty ...) NOT-FOR-US: PHPSource Printer CVE-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote ...) @@ -7256,13 +7256,13 @@ CVE-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 CVE-2005-1864 (PHP remote file inclusion vulnerability in cal_admintop.php in ...) NOT-FOR-US: Calendarix CVE-2005-1863 - RESERVED + REJECTED CVE-2005-1862 - RESERVED + REJECTED CVE-2005-1861 - RESERVED + REJECTED CVE-2005-1860 - RESERVED + REJECTED CVE-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ...) NOT-FOR-US: arshell CVE-2005-1857 (Format string vulnerability in simpleproxy before 3.4 allows remote ...) @@ -7310,9 +7310,9 @@ CVE-2005-1847 (Multiple buffer overflows in YaMT before 0.5_2 allow attackers to CVE-2005-1846 (Multiple directory traversal vulnerabilities in YaMT before 0.5_2 ...) NOT-FOR-US: YaMT CVE-2005-1845 - RESERVED + REJECTED CVE-2005-1844 - RESERVED + REJECTED CVE-2005-1843 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...) NOT-FOR-US: Windows CVE-2005-1842 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...) @@ -7579,7 +7579,7 @@ CVE-2005-1733 (Cookie Cart stores the password file under the web document root CVE-2005-1732 (Cookie Cart allows remote attackers to read the Order Notification ...) NOT-FOR-US: Cookie Cart CVE-2005-1731 - RESERVED + REJECTED CVE-2005-1730 (Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in ...) NOT-FOR-US: Novell iManager CVE-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of ...) @@ -10097,7 +10097,7 @@ CVE-2005-0611 (Heap-based buffer overflow in RealNetworks RealPlayer 10.5 ...) CVE-2005-0610 (Multiple symlink vulnerabilities in portupgrade before 20041226_2 in ...) NOT-FOR-US: FreeBSD portupgrade CVE-2005-0609 - RESERVED + REJECTED CVE-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote ...) NOT-FOR-US: Half Life WebMod CVE-2005-0607 (CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the ...) @@ -11106,21 +11106,21 @@ CVE-2005-0173 (squid_ldap_auth in Squid 2.5 and earlier allows remote authentica {DSA-667-1} - squid 2.5.7-4 CVE-2005-0172 - RESERVED + REJECTED CVE-2005-0171 - RESERVED + REJECTED CVE-2005-0170 - RESERVED + REJECTED CVE-2005-0169 - RESERVED + REJECTED CVE-2005-0168 - RESERVED + REJECTED CVE-2005-0167 - RESERVED + REJECTED CVE-2005-0166 - RESERVED + REJECTED CVE-2005-0165 - RESERVED + REJECTED CVE-2005-0164 RESERVED CVE-2005-0163 @@ -11213,7 +11213,7 @@ CVE-2005-0130 (Certain Perl scripts in Konversation 0.15 allow remote attackers CVE-2005-0129 (The Quick Buttons feature in Konversation 0.15 allows remote attackers ...) - konversation 0.15-3 CVE-2005-0128 - RESERVED + REJECTED CVE-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header, ...) NOT-FOR-US: MacOS CVE-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute ...) @@ -11224,7 +11224,7 @@ CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1} - linux-2.6 2.6.12-1 CVE-2005-0123 - RESERVED + REJECTED CVE-2005-0122 REJECTED CVE-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...) diff --git a/data/CVE/2006.list b/data/CVE/2006.list index 6f2de6239a..1013b0e601 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list @@ -2802,35 +2802,35 @@ CVE-2006-6008 (ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versio CVE-2006-6007 (save_profile.asp in WebEvents (Online Event Registration Template) 2.0 ...) NOT-FOR-US: WebEvents (Online Event Registration Template) CVE-2006-6006 - RESERVED + REJECTED CVE-2006-6005 - RESERVED + REJECTED CVE-2006-6004 - RESERVED + REJECTED CVE-2006-6003 - RESERVED + REJECTED CVE-2006-6002 - RESERVED + REJECTED CVE-2006-6001 - RESERVED + REJECTED CVE-2006-6000 - RESERVED + REJECTED CVE-2006-5999 - RESERVED + REJECTED CVE-2006-5998 - RESERVED + REJECTED CVE-2006-5997 - RESERVED + REJECTED CVE-2006-5996 - RESERVED + REJECTED CVE-2006-5995 - RESERVED + REJECTED CVE-2006-5994 (Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word ...) NOT-FOR-US: Microsoft Word CVE-2006-5993 - RESERVED + REJECTED CVE-2006-5992 - RESERVED + REJECTED CVE-2006-5991 (Multiple SQL injection vulnerabilities in wwweb concepts CactuShop ...) NOT-FOR-US: CactuShop CVE-2006-5990 (VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and ...) @@ -3479,43 +3479,43 @@ CVE-2006-5701 (Double free vulnerability in squashfs module in the Linux kernel - squashfs 1:3.1r2-6.1 NOTE: Mounting filesystem partitions should be limited to root CVE-2006-5700 - RESERVED + REJECTED CVE-2006-5699 - RESERVED + REJECTED CVE-2006-5698 - RESERVED + REJECTED CVE-2006-5697 - RESERVED + REJECTED CVE-2006-5696 - RESERVED + REJECTED CVE-2006-5695 - RESERVED + REJECTED CVE-2006-5694 - RESERVED + REJECTED CVE-2006-5693 - RESERVED + REJECTED CVE-2006-5692 - RESERVED + REJECTED CVE-2006-5691 - RESERVED + REJECTED CVE-2006-5690 - RESERVED + REJECTED CVE-2006-5689 - RESERVED + REJECTED CVE-2006-5688 - RESERVED + REJECTED CVE-2006-5687 - RESERVED + REJECTED CVE-2006-5686 - RESERVED + REJECTED CVE-2006-5685 - RESERVED + REJECTED CVE-2006-5684 - RESERVED + REJECTED CVE-2006-5683 - RESERVED + REJECTED CVE-2006-5682 - RESERVED + REJECTED CVE-2006-5681 (QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with ...) NOT-FOR-US: QuickTime on Mac OS X CVE-2006-5680 (The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before ...) @@ -3721,7 +3721,7 @@ CVE-2006-5584 (The Remote Installation Service (RIS) in Microsoft Windows 2000 S CVE-2006-5583 (Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, ...) NOT-FOR-US: Microsoft CVE-2006-5582 - RESERVED + REJECTED CVE-2006-5581 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows ...) NOT-FOR-US: Microsoft CVE-2006-5580 @@ -3733,15 +3733,15 @@ CVE-2006-5578 (Microsoft Internet Explorer 6 and earlier allows remote attackers CVE-2006-5577 (Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain ...) NOT-FOR-US: Microsoft CVE-2006-5576 - RESERVED + REJECTED CVE-2006-5575 - RESERVED + REJECTED CVE-2006-5574 (Unspecified vulnerability in the Brazilian Portuguese Grammar Checker ...) NOT-FOR-US: Microsoft CVE-2006-5573 - RESERVED + REJECTED CVE-2006-5572 - RESERVED + REJECTED CVE-2006-5571 (Stack-based buffer overflow in /scripts/cruise/cws.exe in CruiseWorks ...) NOT-FOR-US: CruiseWorks CVE-2006-5570 (Directory traversal vulnerability in /scripts/cruise/cws.exe in ...) @@ -4293,7 +4293,7 @@ CVE-2006-5330 (CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 [sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported, only installer package) [etch] - flashplugin-nonfree <no-dsa> (Contrib not supported, only installer package) CVE-2006-5329 - RESERVED + REJECTED CVE-2006-5328 (OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and ...) NOT-FOR-US: OpenBase SQL CVE-2006-5327 (Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, ...) @@ -5625,17 +5625,17 @@ CVE-2006-4705 (SQL injection vulnerability in login.php in dwayner79 and Dominic CVE-2006-4704 (Cross-zone scripting vulnerability in the WMI Object Broker ...) NOT-FOR-US: Microsoft CVE-2006-4703 - RESERVED + REJECTED CVE-2006-4702 (Buffer overflow in the Windows Media Format Runtime in Microsoft ...) NOT-FOR-US: Microsoft CVE-2006-4701 - RESERVED + REJECTED CVE-2006-4700 - RESERVED + REJECTED CVE-2006-4699 - RESERVED + REJECTED CVE-2006-4698 - RESERVED + REJECTED CVE-2006-4697 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects ...) NOT-FOR-US: Microsoft CVE-2006-4696 (Unspecified vulnerability in the Server service in Microsoft Windows ...) @@ -5651,7 +5651,7 @@ CVE-2006-4692 (Argument injection vulnerability in the Windows Object Packager . CVE-2006-4691 (Stack-based buffer overflow in the NetpManageIPCConnect function in ...) NOT-FOR-US: Microsoft CVE-2006-4690 - RESERVED + REJECTED CVE-2006-4689 (Unspecified vulnerability in the driver for the Client Service for ...) NOT-FOR-US: Microsoft CVE-2006-4688 (Buffer overflow in Client Service for NetWare (CSNW) in Microsoft ...) @@ -7517,15 +7517,15 @@ CVE-2006-3876 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, CVE-2006-3875 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...) NOT-FOR-US: Microsoft CVE-2006-3874 - RESERVED + REJECTED CVE-2006-3873 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...) NOT-FOR-US: Microsoft CVE-2006-3872 - RESERVED + REJECTED CVE-2006-3871 - RESERVED + REJECTED CVE-2006-3870 - RESERVED + REJECTED CVE-2006-3869 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...) NOT-FOR-US: Microsoft CVE-2006-3868 (Unspecified vulnerability in Microsoft Office XP and 2003 allows ...) @@ -7535,11 +7535,11 @@ CVE-2006-3867 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 20 CVE-2006-3866 REJECTED CVE-2006-3865 - RESERVED + REJECTED CVE-2006-3864 (Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and ...) NOT-FOR-US: Microsoft CVE-2006-3863 - RESERVED + REJECTED CVE-2006-3862 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through ...) NOT-FOR-US: IBM Informix Dynamic Server CVE-2006-3861 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...) @@ -8108,17 +8108,17 @@ CVE-2006-3648 (Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 a CVE-2006-3647 (Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and ...) NOT-FOR-US: Microsoft CVE-2006-3646 - RESERVED + REJECTED CVE-2006-3645 - RESERVED + REJECTED CVE-2006-3644 - RESERVED + REJECTED CVE-2006-3643 (Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and ...) NOT-FOR-US: Microsoft CVE-2006-3642 - RESERVED + REJECTED CVE-2006-3641 - RESERVED + REJECTED CVE-2006-3640 (Microsoft Internet Explorer 5.01 and 6 allows certain script to ...) NOT-FOR-US: Microsoft CVE-2006-3639 (Microsoft Internet Explorer 5.01 and 6 does not properly identify the ...) @@ -8550,9 +8550,9 @@ CVE-2006-3449 (Unspecified vulnerability in Microsoft PowerPoint 2000 through 20 CVE-2006-3448 (Buffer overflow in the Step-by-Step Interactive Training in Microsoft ...) NOT-FOR-US: Microsoft CVE-2006-3447 - RESERVED + REJECTED CVE-2006-3446 - RESERVED + REJECTED CVE-2006-3445 (Integer overflow in the ReadWideString function in agentdpv.dll in ...) NOT-FOR-US: Microsoft CVE-2006-3444 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...) @@ -8570,7 +8570,7 @@ CVE-2006-3439 (Buffer overflow in the Server Service in Microsoft Windows 2000 S CVE-2006-3438 (Unspecified vulnerability in Microsoft Hyperlink Object Library ...) NOT-FOR-US: Microsoft CVE-2006-3437 - RESERVED + REJECTED CVE-2006-3436 (Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework ...) NOT-FOR-US: Microsoft CVE-2006-3435 (PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X ...) @@ -8578,7 +8578,7 @@ CVE-2006-3435 (PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and CVE-2006-3434 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for ...) NOT-FOR-US: Microsoft CVE-2006-3433 - RESERVED + REJECTED CVE-2006-3432 REJECTED CVE-2006-3431 (Buffer overflow in certain Asian language versions of Microsoft Excel ...) @@ -10928,7 +10928,7 @@ CVE-2006-2383 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 CVE-2006-2382 (Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and ...) NOT-FOR-US: Microsoft CVE-2006-2381 - RESERVED + REJECTED CVE-2006-2380 (Microsoft Windows 2000 SP4 does not properly validate an RPC server ...) NOT-FOR-US: Microsoft CVE-2006-2379 (Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows ...) @@ -10936,11 +10936,11 @@ CVE-2006-2379 (Buffer overflow in the TCP/IP Protocol driver in Microsoft Window CVE-2006-2378 (Buffer overflow in the ART Image Rendering component (jgdw400.dll) in ...) NOT-FOR-US: Microsoft CVE-2006-2377 - RESERVED + REJECTED CVE-2006-2376 (Integer overflow in the PolyPolygon function in Graphics Rendering ...) NOT-FOR-US: Microsoft CVE-2006-2375 - RESERVED + REJECTED CVE-2006-2374 (The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft ...) NOT-FOR-US: Microsoft CVE-2006-2373 (The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft ...) @@ -13014,7 +13014,7 @@ CVE-2006-1523 (The __group_complete_signal function in the RCU signal handling . CVE-2006-1522 (The sys_add_key function in the keyring code in Linux kernel 2.6.16.1 ...) - linux-2.6 2.6.16-7 CVE-2006-1521 - RESERVED + REJECTED CVE-2006-1520 (Format string vulnerability in ANSI C Sender Policy Framework library ...) NOTE: Debian ships debugging disabled (this isn't a problem with a debugging command-line flag) - libspf <not-affected> (bug #368780; low) @@ -13470,7 +13470,7 @@ CVE-2006-1322 (Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a CVE-2006-1318 (Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, ...) NOT-FOR-US: Microsoft Office CVE-2006-1317 - RESERVED + REJECTED CVE-2006-1316 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...) NOT-FOR-US: Microsoft CVE-2006-1315 (The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP ...) @@ -13480,17 +13480,17 @@ CVE-2006-1314 (Heap-based buffer overflow in the Server Service (SRV.SYS driver) CVE-2006-1313 (Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on ...) NOT-FOR-US: Microsoft JScript CVE-2006-1312 - RESERVED + REJECTED CVE-2006-1311 (The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; ...) NOT-FOR-US: Microsoft CVE-2006-1310 - RESERVED + REJECTED CVE-2006-1309 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...) NOT-FOR-US: Microsoft CVE-2006-1308 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows ...) NOT-FOR-US: Microsoft CVE-2006-1307 - RESERVED + REJECTED CVE-2006-1306 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...) NOT-FOR-US: Microsoft CVE-2006-1305 (Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote ...) @@ -13506,7 +13506,7 @@ CVE-2006-1301 (Microsoft Excel 2000 through 2004 allows user-assisted attackers CVE-2006-1300 (Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, ...) NOT-FOR-US: Microsoft CVE-2006-1299 - RESERVED + REJECTED CVE-2006-1298 (Format string vulnerability in the Job Engine service (bengine.exe) in ...) NOT-FOR-US: Veritas Backup CVE-2006-1297 (Unspecified vulnerability in Veritas Backup Exec for Windows Server ...) @@ -13748,7 +13748,7 @@ CVE-2006-1189 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 CVE-2006-1188 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2006-1187 - RESERVED + REJECTED CVE-2006-1186 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2006-1185 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through ...) @@ -13783,11 +13783,11 @@ CVE-2006-1173 (Sendmail before 8.13.7 allows remote attackers to cause a denial CVE-2006-1172 (Stack-based buffer overflow in the createPKCS10 function in ...) NOT-FOR-US: ActiveX control CVE-2006-1171 - RESERVED + REJECTED CVE-2006-1170 - RESERVED + REJECTED CVE-2006-1169 - RESERVED + REJECTED CVE-2006-1168 (The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) ...) {DSA-1149-1} - ncompress 4.2.4-16 @@ -14380,7 +14380,7 @@ CVE-2006-0906 (SQL injection vulnerability in D3Jeeb Pro 3 allows remote attacke CVE-2006-0905 (A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through ...) - kfreebsd-5 5.4-16 CVE-2006-0904 - RESERVED + REJECTED CVE-2006-0903 (MySQL 5.0.18 and earlier allows local users to bypass logging ...) {DSA-1079-1 DSA-1073-1 DSA-1071-1} - mysql-dfsg-5.0 5.0.19-3 (bug #359701; bug #366162; bug #366163) @@ -15157,7 +15157,7 @@ CVE-2006-0562 (Cross-site scripting (XSS) vulnerability in problem.php in Plugge CVE-2006-0561 (Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS ...) NOT-FOR-US: Cisco CVE-2006-0560 - RESERVED + REJECTED CVE-2006-0559 (Format string vulnerability in the SMTP server for McAfee WebShield ...) NOT-FOR-US: McAfee WebShield CVE-2006-0558 (perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local ...) @@ -15167,7 +15167,7 @@ CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does {DSA-1103} - linux-2.6 2.6.15-8 CVE-2006-0556 - RESERVED + REJECTED CVE-2006-0555 (The Linux Kernel before 2.6.15.5 allows local users to cause a denial ...) {DSA-1103} - linux-2.6 2.6.15-8 @@ -16451,7 +16451,7 @@ CVE-2006-0013 (Buffer overflow in the Web Client service (WebClnt.dll) for Micro CVE-2006-0012 (Unspecified vulnerability in Windows Explorer in Microsoft Windows ...) NOT-FOR-US: Microsoft CVE-2006-0011 - RESERVED + REJECTED CVE-2006-0010 (Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 ...) NOT-FOR-US: Microsoft CVE-2006-0009 (Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other ...) diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 93cec202a9..04e6dcd224 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -1213,7 +1213,7 @@ CVE-2007-6258 (Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3 CVE-2007-6257 RESERVED CVE-2007-6256 - RESERVED + REJECTED CVE-2007-6255 (Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in ...) NOT-FOR-US: Microsoft HRTBEAT.OCX CVE-2007-6254 (Stack-based buffer overflow in the SAP Business Objects ...) @@ -1231,7 +1231,7 @@ CVE-2007-6249 (etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on t CVE-2007-6248 RESERVED CVE-2007-6247 - RESERVED + REJECTED CVE-2007-6246 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...) - flashplugin-nonfree 9.0.115.0.1 [sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported) @@ -3362,15 +3362,15 @@ CVE-2007-5358 (Multiple buffer overflows in the voicemail functionality in Aster [sarge] - asterisk <not-affected> (Only Asterisk 1.4.x is affected) [etch] - asterisk <not-affected> (Only Asterisk 1.4.x is affected) CVE-2007-5357 - RESERVED + REJECTED CVE-2007-5356 - RESERVED + REJECTED CVE-2007-5355 (The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-5354 - RESERVED + REJECTED CVE-2007-5353 - RESERVED + REJECTED CVE-2007-5352 (Unspecified vulnerability in Local Security Authority Subsystem ...) NOT-FOR-US: Microsoft Windows CVE-2007-5351 (Unspecified vulnerability in Server Message Block Version 2 (SMBv2) ...) @@ -3378,19 +3378,19 @@ CVE-2007-5351 (Unspecified vulnerability in Server Message Block Version 2 (SMBv CVE-2007-5350 (Unspecified vulnerability in the Windows Advanced Local Procedure Call ...) NOT-FOR-US: Microsoft Vista CVE-2007-5349 - RESERVED + REJECTED CVE-2007-5348 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-5347 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-5346 - RESERVED + REJECTED CVE-2007-5345 - RESERVED + REJECTED CVE-2007-5344 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-5343 - RESERVED + REJECTED CVE-2007-5342 (The default catalina.policy in the JULI logging component in Apache ...) {DSA-1447-1} - tomcat5.5 5.5.25-4 (low; bug #458237) @@ -6794,7 +6794,7 @@ CVE-2007-3905 (SQL injection vulnerability in Zoph before 0.7.0.1 might allow re {DSA-1389-2 DSA-1389-1} - zoph 0.7.0.2-1 (bug #435711) CVE-2007-3904 - RESERVED + REJECTED CVE-2007-3903 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-3902 (Use-after-free vulnerability in the CRecalcProperty function in ...) @@ -6802,7 +6802,7 @@ CVE-2007-3902 (Use-after-free vulnerability in the CRecalcProperty function in . CVE-2007-3901 (Stack-based buffer overflow in the DirectShow Synchronized Accessible ...) NOT-FOR-US: Microsoft DirectX CVE-2007-3900 - RESERVED + REJECTED CVE-2007-3899 (Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, ...) NOT-FOR-US: Microsoft Word CVE-2007-3898 (The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 ...) @@ -6814,7 +6814,7 @@ CVE-2007-3896 (The URL handling in Shell32.dll in the Windows shell in Microsoft CVE-2007-3895 (Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 ...) NOT-FOR-US: Microsoft DirectX CVE-2007-3894 - RESERVED + REJECTED CVE-2007-3893 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through ...) NOT-FOR-US: Internet Explorer CVE-2007-3892 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...) @@ -8878,7 +8878,7 @@ CVE-2007-3033 (Cross-site scripting (XSS) vulnerability in Windows Vista Feed .. CVE-2007-3032 (Unspecified vulnerability in Windows Vista Contacts Gadget in Windows ...) NOT-FOR-US: Microsoft CVE-2007-3031 - RESERVED + REJECTED CVE-2007-3030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows ...) NOT-FOR-US: Microsoft Excel CVE-2007-3029 (Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 ...) @@ -10826,7 +10826,7 @@ CVE-2007-2228 (rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP CVE-2007-2227 (The MHTML protocol handler in Microsoft Outlook Express 6 and Windows ...) NOT-FOR-US: Microsoft CVE-2007-2226 - RESERVED + REJECTED CVE-2007-2225 (A component in Microsoft Outlook Express 6 and Windows Mail in Windows ...) NOT-FOR-US: Microsoft CVE-2007-2224 (Object linking and embedding (OLE) Automation, as used in Microsoft ...) @@ -10838,7 +10838,7 @@ CVE-2007-2222 (Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) a CVE-2007-2221 (Unspecified vulnerability in the mdsauth.dll COM object in Microsoft ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-2220 - RESERVED + REJECTED CVE-2007-2219 (Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, ...) NOT-FOR-US: Microsoft CVE-2007-2218 (Unspecified vulnerability in the Windows Schannel Security Package for ...) @@ -10848,7 +10848,7 @@ CVE-2007-2217 (Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cas CVE-2007-2216 (The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-2215 - RESERVED + REJECTED CVE-2007-2214 (Unrestricted file upload vulnerability in includes/upload_file.php in ...) NOT-FOR-US: DmCMS CVE-2007-2213 (Unspecified vulnerability in the Initialize function in ...) @@ -11873,23 +11873,23 @@ CVE-2007-1762 (Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URL NOTE: will register URLs found in the wild and the used adresses will be NOTE: volatile anyway CVE-2007-1761 - RESERVED + REJECTED CVE-2007-1760 - RESERVED + REJECTED CVE-2007-1759 - RESERVED + REJECTED CVE-2007-1758 - RESERVED + REJECTED CVE-2007-1757 - RESERVED + REJECTED CVE-2007-1756 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office ...) NOT-FOR-US: Microsoft Excel CVE-2007-1755 - RESERVED + REJECTED CVE-2007-1754 (PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear ...) NOT-FOR-US: Microsoft Office CVE-2007-1753 - RESERVED + REJECTED CVE-2007-1752 REJECTED CVE-2007-1751 (Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to ...) @@ -13209,13 +13209,13 @@ CVE-2007-1212 (Buffer overflow in the Graphics Device Interface (GDI) in Microso CVE-2007-1211 (Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP ...) NOT-FOR-US: Microsoft Windows CVE-2007-1210 - RESERVED + REJECTED CVE-2007-1209 (Use-after-free vulnerability in the Client/Server Run-time Subsystem ...) NOT-FOR-US: Windows Vista CVE-2007-1208 - RESERVED + REJECTED CVE-2007-1207 - RESERVED + REJECTED CVE-2007-1206 (The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft ...) NOT-FOR-US: Microsoft Windows CVE-2007-1205 (Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in ...) @@ -13708,13 +13708,13 @@ CVE-2007-0994 (A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x CVE-2007-0993 REJECTED CVE-2007-0992 - RESERVED + REJECTED CVE-2007-0991 - RESERVED + REJECTED CVE-2007-0990 - RESERVED + REJECTED CVE-2007-0989 - RESERVED + REJECTED CVE-2007-0988 (The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before ...) {DSA-1264-1} [etch] - php4 6:4.4.4-8+etch1 @@ -13823,7 +13823,7 @@ CVE-2007-0943 (Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 all CVE-2007-0942 (Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-0941 - RESERVED + REJECTED CVE-2007-0940 (Unspecified vulnerability in the Cryptographic API Component Object ...) NOT-FOR-US: Microsoft CAPICOM CVE-2007-0939 (Cross-site scripting (XSS) vulnerability in Microsoft Content ...) @@ -13831,11 +13831,11 @@ CVE-2007-0939 (Cross-site scripting (XSS) vulnerability in Microsoft Content ... CVE-2007-0938 (Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does ...) NOT-FOR-US: Microsoft Content Management Server CVE-2007-0937 - RESERVED + REJECTED CVE-2007-0936 (Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow ...) NOT-FOR-US: Microsoft CVE-2007-0935 - RESERVED + REJECTED CVE-2007-0934 (Unspecified vulnerability in Microsoft Visio 2002 allows remote ...) NOT-FOR-US: Microsoft CVE-2007-0933 (Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ ...) @@ -14375,7 +14375,7 @@ CVE-2007-0729 (Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through CVE-2007-0728 (Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through ...) NOT-FOR-US: Apple Mac CVE-2007-0727 - RESERVED + REJECTED CVE-2007-0726 (The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and ...) NOT-FOR-US: Apple OpenSSH CVE-2007-0725 (Buffer overflow in the AirPortDriver module for AirPort in Apple Mac ...) @@ -15526,7 +15526,7 @@ CVE-2007-0214 (The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2 CVE-2007-0213 (Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does ...) NOT-FOR-US: Microsoft CVE-2007-0212 - RESERVED + REJECTED CVE-2007-0211 (The hardware detection functionality in the Windows Shell in Microsoft ...) NOT-FOR-US: Microsoft CVE-2007-0210 (The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 ...) @@ -15536,7 +15536,7 @@ CVE-2007-0209 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works CVE-2007-0208 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works ...) NOT-FOR-US: Microsoft CVE-2007-0207 - RESERVED + REJECTED CVE-2007-0206 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...) NOT-FOR-US: OpenView Network Node Manager CVE-2007-XXXX [udev wrong permissions on raid devices] @@ -15926,9 +15926,9 @@ CVE-2007-0039 (The Exchange Collaboration Data Objects (EXCDO) functionality in CVE-2007-0038 (Stack-based buffer overflow in the animated cursor code in Microsoft ...) NOT-FOR-US: Microsoft CVE-2007-0037 - RESERVED + REJECTED CVE-2007-0036 - RESERVED + REJECTED CVE-2007-0035 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, ...) NOT-FOR-US: Microsoft Word CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of ...) @@ -15936,7 +15936,7 @@ CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of .. CVE-2007-0033 (Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to ...) NOT-FOR-US: Microsoft Outlook CVE-2007-0032 - RESERVED + REJECTED CVE-2007-0031 (Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, ...) NOT-FOR-US: Microsoft Excel CVE-2007-0030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X ...) diff --git a/data/CVE/2008.list b/data/CVE/2008.list index 37aa2096c7..10873766d5 100644 --- a/data/CVE/2008.list +++ b/data/CVE/2008.list @@ -4014,49 +4014,49 @@ CVE-2008-5619 (html2text.php in Chuggnutt HTML to Text Converter, as used in ... [lenny] - mahara <not-affected> (html2text.php wasn't yet included) - atmailopen <removed> CVE-2008-5485 - RESERVED + REJECTED CVE-2008-5484 - RESERVED + REJECTED CVE-2008-5483 - RESERVED + REJECTED CVE-2008-5482 - RESERVED + REJECTED CVE-2008-5481 - RESERVED + REJECTED CVE-2008-5480 - RESERVED + REJECTED CVE-2008-5479 - RESERVED + REJECTED CVE-2008-5478 - RESERVED + REJECTED CVE-2008-5477 - RESERVED + REJECTED CVE-2008-5476 - RESERVED + REJECTED CVE-2008-5475 - RESERVED + REJECTED CVE-2008-5474 - RESERVED + REJECTED CVE-2008-5473 - RESERVED + REJECTED CVE-2008-5472 - RESERVED + REJECTED CVE-2008-5471 - RESERVED + REJECTED CVE-2008-5470 - RESERVED + REJECTED CVE-2008-5469 - RESERVED + REJECTED CVE-2008-5468 - RESERVED + REJECTED CVE-2008-5467 - RESERVED + REJECTED CVE-2008-5466 - RESERVED + REJECTED CVE-2008-5465 - RESERVED + REJECTED CVE-2008-5464 - RESERVED + REJECTED CVE-2008-5463 (Unspecified vulnerability in the PeopleSoft Enterprise Campus ...) NOT-FOR-US: BEA WebLogic CVE-2008-5462 (Unspecified vulnerability in the WebLogic Portal component in BEA ...) @@ -4078,7 +4078,7 @@ CVE-2008-5455 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ... CVE-2008-5454 (Unspecified vulnerability in the iProcurement component in Oracle ...) NOT-FOR-US: Oracle CVE-2008-5453 - RESERVED + REJECTED CVE-2008-5452 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: Oracle CVE-2008-5451 (Unspecified vulnerability in the JD Edwards Tools component in Oracle ...) @@ -4203,15 +4203,15 @@ CVE-2008-5395 (The parisc_show_stack function in arch/parisc/kernel/traps.c in t CVE-2008-5393 (UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes ...) NOT-FOR-US: Ubuntu Privacy Remix CVE-2008-5392 - RESERVED + REJECTED CVE-2008-5391 - RESERVED + REJECTED CVE-2008-5390 - RESERVED + REJECTED CVE-2008-5389 - RESERVED + REJECTED CVE-2008-5388 - RESERVED + REJECTED CVE-2008-5387 (Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when ...) NOT-FOR-US: IBM AIX CVE-2008-5386 (Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd ...) @@ -5576,65 +5576,65 @@ CVE-2008-4863 (Untrusted search path vulnerability in BPY_interface in Blender 2 [etch] - blender 2.42a-8 NOTE: minor issue fixed in etch r6 point update CVE-2008-4862 - RESERVED + REJECTED CVE-2008-4861 - RESERVED + REJECTED CVE-2008-4860 - RESERVED + REJECTED CVE-2008-4859 - RESERVED + REJECTED CVE-2008-4858 - RESERVED + REJECTED CVE-2008-4857 - RESERVED + REJECTED CVE-2008-4856 - RESERVED + REJECTED CVE-2008-4855 - RESERVED + REJECTED CVE-2008-4854 - RESERVED + REJECTED CVE-2008-4853 - RESERVED + REJECTED CVE-2008-4852 - RESERVED + REJECTED CVE-2008-4851 - RESERVED + REJECTED CVE-2008-4850 - RESERVED + REJECTED CVE-2008-4849 - RESERVED + REJECTED CVE-2008-4848 - RESERVED + REJECTED CVE-2008-4847 - RESERVED + REJECTED CVE-2008-4846 - RESERVED + REJECTED CVE-2008-4845 - RESERVED + REJECTED CVE-2008-4844 (Use-after-free vulnerability in the ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-4843 - RESERVED + REJECTED CVE-2008-4842 - RESERVED + REJECTED CVE-2008-4841 (The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 ...) NOT-FOR-US: Microsoft Windows CVE-2008-4840 - RESERVED + REJECTED CVE-2008-4839 - RESERVED + REJECTED CVE-2008-4838 - RESERVED + REJECTED CVE-2008-4837 (Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 ...) NOT-FOR-US: Microsoft Office Word CVE-2008-4836 - RESERVED + REJECTED CVE-2008-4835 (SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and ...) NOT-FOR-US: Windows CVE-2008-4834 (Buffer overflow in SMB in the Server service in Microsoft Windows 2000 ...) NOT-FOR-US: Windows CVE-2008-4833 - RESERVED + REJECTED CVE-2008-4832 (rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows ...) NOT-FOR-US: rPath CVE-2008-4831 (Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ...) @@ -6167,9 +6167,9 @@ CVE-2008-4609 (The TCP implementation in (1) Linux, (2) platforms based on BSD U NOTE: see http://kbase.redhat.com/faq/docs/DOC-18730 for possible mitigation via iptables NOTE: also see usage of ipt_connlimit as a mitigation strategy CVE-2008-4608 - RESERVED + REJECTED CVE-2008-4607 - RESERVED + REJECTED CVE-2008-4606 (Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow ...) NOT-FOR-US: IP Reg CVE-2008-4605 (SQL injection vulnerability in CafeEngine allows remote attackers to ...) @@ -6586,7 +6586,7 @@ CVE-2008-4419 (Directory traversal vulnerability in the HP JetDirect web ...) CVE-2008-4418 (Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and ...) NOT-FOR-US: HP-UX CVE-2008-4417 - RESERVED + REJECTED CVE-2008-4416 (Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows ...) NOT-FOR-US: HP-UX CVE-2008-4415 (Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 ...) @@ -6969,19 +6969,19 @@ CVE-2008-4279 (The CPU hardware emulation for 64-bit guest operating systems in CVE-2008-4278 (VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows ...) NOT-FOR-US: VMWare VirtualCenter CVE-2008-4277 - RESERVED + REJECTED CVE-2008-4276 - RESERVED + REJECTED CVE-2008-4275 - RESERVED + REJECTED CVE-2008-4274 - RESERVED + REJECTED CVE-2008-4273 - RESERVED + REJECTED CVE-2008-4272 - RESERVED + REJECTED CVE-2008-4271 - RESERVED + REJECTED CVE-2008-4270 REJECTED CVE-2008-4269 (The search-ms protocol handler in Windows Explorer in Microsoft ...) @@ -6989,7 +6989,7 @@ CVE-2008-4269 (The search-ms protocol handler in Windows Explorer in Microsoft . CVE-2008-4268 (The Windows Search component in Microsoft Windows Vista Gold and SP1 ...) NOT-FOR-US: Microsoft Office Excel CVE-2008-4267 - RESERVED + REJECTED CVE-2008-4266 (Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 ...) NOT-FOR-US: Microsoft Office Excel CVE-2008-4265 (Microsoft Office Excel 2000 SP3 allows remote attackers to execute ...) @@ -6997,9 +6997,9 @@ CVE-2008-4265 (Microsoft Office Excel 2000 SP3 allows remote attackers to execut CVE-2008-4264 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...) NOT-FOR-US: Microsoft Office Excel CVE-2008-4263 - RESERVED + REJECTED CVE-2008-4262 - RESERVED + REJECTED CVE-2008-4261 (Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-4260 (Microsoft Internet Explorer 7 sometimes attempts to access a deleted ...) @@ -7009,7 +7009,7 @@ CVE-2008-4259 (Microsoft Internet Explorer 7 sometimes attempts to access ...) CVE-2008-4258 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-4257 - RESERVED + REJECTED CVE-2008-4256 (The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual ...) NOT-FOR-US: Microsoft Visual Basic CVE-2008-4255 (Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX ...) @@ -7021,13 +7021,13 @@ CVE-2008-4253 (The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visua CVE-2008-4252 (The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual ...) NOT-FOR-US: Microsoft Visual Basic CVE-2008-4251 - RESERVED + REJECTED CVE-2008-4250 (The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...) NOT-FOR-US: Microsoft Windows CVE-2008-4249 - RESERVED + REJECTED CVE-2008-4248 - RESERVED + REJECTED CVE-2008-4246 (Unspecified vulnerability in Denora IRC Stats Server before 1.4.1 ...) NOT-FOR-US: Denora IRC Stats Server CVE-2008-4245 (The Admin Control Panel in Rianxosencabos CMS 0.9 does not require ...) @@ -7564,9 +7564,9 @@ CVE-2008-4037 (Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Ser CVE-2008-4036 (Integer overflow in Memory Manager in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2008-4035 - RESERVED + REJECTED CVE-2008-4034 - RESERVED + REJECTED CVE-2008-4033 (Cross-domain vulnerability in Microsoft XML Core Services 3.0 through ...) NOT-FOR-US: Microsoft XML Core CVE-2008-4032 (Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft ...) @@ -7590,9 +7590,9 @@ CVE-2008-4024 (Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for M CVE-2008-4023 (Active Directory in Microsoft Windows 2000 SP4 does not properly ...) NOT-FOR-US: Microsoft Windows CVE-2008-4022 - RESERVED + REJECTED CVE-2008-4021 - RESERVED + REJECTED CVE-2008-4020 (Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 ...) NOT-FOR-US: Microsoft Office CVE-2008-4019 (Integer overflow in the REPT function in Microsoft Excel 2000 SP3, ...) @@ -8097,7 +8097,7 @@ CVE-2008-3823 (Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.ph {DSA-1642-1 DTSA-165-1} - horde3 3.2.2+debian0-1 (low; bug #499579) CVE-2008-3822 - RESERVED + REJECTED CVE-2008-3821 (Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server ...) NOT-FOR-US: Cisco IOS CVE-2008-3820 (Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event ...) @@ -8847,7 +8847,7 @@ CVE-2008-3543 (Unspecified vulnerability in NFS / ONCplus B.11.31_04 and earlier CVE-2008-3542 (Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 ...) NOT-FOR-US: HP Insight Diagnostics CVE-2008-3541 - RESERVED + REJECTED CVE-2008-3540 RESERVED CVE-2008-3539 (Unspecified vulnerability in HP OpenView Select Identity (HPSI) ...) @@ -9026,7 +9026,7 @@ CVE-2008-3480 (Stack-based buffer overflow in the Anzio Web Print Object (WePO) CVE-2008-3479 (Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) ...) NOT-FOR-US: Microsoft Windows CVE-2008-3478 - RESERVED + REJECTED CVE-2008-3477 (Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not ...) NOT-FOR-US: Microsoft Excel CVE-2008-3476 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle ...) @@ -9042,13 +9042,13 @@ CVE-2008-3472 (Microsoft Internet Explorer 6 and 7 does not properly determine t CVE-2008-3471 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, ...) NOT-FOR-US: Microsoft CVE-2008-3470 - RESERVED + REJECTED CVE-2008-3469 - RESERVED + REJECTED CVE-2008-3468 - RESERVED + REJECTED CVE-2008-3467 - RESERVED + REJECTED CVE-2008-3466 (Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not ...) NOT-FOR-US: Microsoft CVE-2008-3465 (Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 ...) @@ -9056,11 +9056,11 @@ CVE-2008-3465 (Heap-based buffer overflow in an API in GDI in Microsoft Windows CVE-2008-3464 (afd.sys in the Ancillary Function Driver (AFD) component in Microsoft ...) NOT-FOR-US: Microsoft CVE-2008-3463 - RESERVED + REJECTED CVE-2008-3462 - RESERVED + REJECTED CVE-2008-3461 - RESERVED + REJECTED CVE-2008-3460 (WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; ...) NOT-FOR-US: Microsoft Office 2000 CVE-2008-3459 (Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when ...) @@ -9944,11 +9944,11 @@ CVE-2008-3088 (Cross-site scripting (XSS) vulnerability in the Files module in . CVE-2008-3087 (Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote ...) NOT-FOR-US: Kasseler CMS CVE-2008-3086 - RESERVED + REJECTED CVE-2008-3085 - RESERVED + REJECTED CVE-2008-3084 - RESERVED + REJECTED CVE-2008-3216 (The save function in br/prefmanager.d in projectl 1.001 creates a ...) - projectl 1.001.dfsg1-2 (low; bug #489988) [etch] - projectl <no-dsa> (Minor issue) @@ -10098,9 +10098,9 @@ CVE-2008-3019 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter CVE-2008-3018 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...) NOT-FOR-US: Microsoft Office 2000 CVE-2008-3017 - RESERVED + REJECTED CVE-2008-3016 - RESERVED + REJECTED CVE-2008-3015 (Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, ...) NOT-FOR-US: Microsoft Office XP CVE-2008-3014 (Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer ...) @@ -10110,7 +10110,7 @@ CVE-2008-3013 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows CVE-2008-3012 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-3011 - RESERVED + REJECTED CVE-2008-3010 (Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 ...) NOT-FOR-US: Microsoft Windows Media Player CVE-2008-3009 (Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 ...) @@ -10128,7 +10128,7 @@ CVE-2008-3004 (Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; CVE-2008-3003 (Microsoft Office Excel 2007 Gold and SP1 does not properly delete the ...) NOT-FOR-US: Microsoft Office Excel CVE-2008-3002 - RESERVED + REJECTED CVE-2008-3001 (The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote ...) NOT-FOR-US: additional drupal module Aggregation module CVE-2008-3000 (The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access ...) @@ -11135,7 +11135,7 @@ CVE-2008-2586 (Unspecified vulnerability in the Oracle Application Object Librar CVE-2008-2585 (Unspecified vulnerability in the Oracle Report Manager component in ...) NOT-FOR-US: Oracle database CVE-2008-2584 - RESERVED + REJECTED CVE-2008-2583 (Unspecified vulnerability in the sample Discussion Forum Portlet for ...) NOT-FOR-US: Oracle database CVE-2008-2582 (Unspecified vulnerability in the WebLogic Server component in Oracle ...) @@ -11851,11 +11851,11 @@ CVE-2008-2264 (Cross-site scripting (XSS) vulnerability in index.php in CyrixMED CVE-2008-2263 (SQL injection vulnerability in linking.page.php in Automated Link ...) NOT-FOR-US: Automated Link Exchange Portal CVE-2008-2262 - RESERVED + REJECTED CVE-2008-2261 - RESERVED + REJECTED CVE-2008-2260 - RESERVED + REJECTED CVE-2008-2259 (Microsoft Internet Explorer 6 and 7 does not perform proper "argument ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-2258 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...) @@ -11889,7 +11889,7 @@ CVE-2008-2245 (Heap-based buffer overflow in the InternalOpenColorProfile functi CVE-2008-2244 (Microsoft Office Word 2002 SP3 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Office Word CVE-2008-2243 - RESERVED + REJECTED CVE-2008-2242 (Multiple buffer overflows in xdr functions in the server in CA ...) NOT-FOR-US: CA BrightStor ARCServe Backup CVE-2008-2241 (Directory traversal vulnerability in caloggerd in CA BrightStor ...) @@ -12373,7 +12373,7 @@ CVE-2008-2050 (Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PH CVE-2008-2042 (The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly ...) NOT-FOR-US: Adobe Acrobat Reader CVE-2008-2039 - RESERVED + REJECTED CVE-2008-2038 (Multiple SQL injection vulnerabilities in admin/adminindex.php in ...) NOT-FOR-US: Tunkey WebTools CVE-2008-2037 (Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts ...) @@ -13733,13 +13733,13 @@ CVE-2008-1454 (Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, S CVE-2008-1453 (The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista ...) NOT-FOR-US: Windows Xp CVE-2008-1452 - RESERVED + REJECTED CVE-2008-1451 (The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 ...) NOT-FOR-US: Microsoft Windows CVE-2008-1450 - RESERVED + REJECTED CVE-2008-1449 - RESERVED + REJECTED CVE-2008-1448 (The MHTML protocol handler in a component of Microsoft Outlook Express ...) NOT-FOR-US: Microsoft Outlook Express CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, ...) @@ -13773,7 +13773,7 @@ CVE-2008-1445 (Active Directory on Microsoft Windows 2000 Server SP4, XP Profess CVE-2008-1444 (Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on ...) NOT-FOR-US: Microsoft Windows CVE-2008-1443 - RESERVED + REJECTED CVE-2008-1442 (Heap-based buffer overflow in the substringData method in Microsoft ...) NOT-FOR-US: Microsoft Windows CVE-2008-1441 (Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold ...) @@ -13781,7 +13781,7 @@ CVE-2008-1441 (Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista CVE-2008-1440 (Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does ...) NOT-FOR-US: Microsoft Windows CVE-2008-1439 - RESERVED + REJECTED CVE-2008-1438 (Unspecified vulnerability in Microsoft Malware Protection Engine ...) NOT-FOR-US: Microsoft Malware Protection Engine CVE-2008-1437 (Unspecified vulnerability in Microsoft Malware Protection Engine ...) @@ -13793,7 +13793,7 @@ CVE-2008-1435 (Windows Explorer in Microsoft Windows Vista up to SP1, and Server CVE-2008-1434 (Use-after-free vulnerability in Microsoft Word in Office 2000 and XP ...) NOT-FOR-US: Microsoft Word CVE-2008-1433 - RESERVED + REJECTED CVE-2008-1432 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ...) NOT-FOR-US: ManageEngine SupportCenter Plus CVE-2008-1431 (RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a ...) @@ -15486,7 +15486,7 @@ CVE-2008-0712 (Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnost CVE-2008-0711 (Unspecified vulnerability in the embedded management console in HP ...) NOT-FOR-US: HP iLO-2 management processors CVE-2008-0710 - RESERVED + REJECTED CVE-2008-0709 (Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, ...) NOT-FOR-US: HP Select Identity CVE-2008-0708 (HP USB 2.0 Floppy Drive Key product options (1) 442084-B21 and (2) ...) @@ -15496,7 +15496,7 @@ CVE-2008-0707 (HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP CVE-2008-0706 (Unspecified vulnerability in the BIOS F.26 and earlier for the HP ...) NOT-FOR-US: BIOS F.26 CVE-2008-0705 - RESERVED + REJECTED CVE-2008-0704 (Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP ...) NOT-FOR-US: HP OpenVMS CVE-2008-0703 (Multiple directory traversal vulnerabilities in sflog! 0.96 allow ...) @@ -16994,7 +16994,7 @@ CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 200 CVE-2008-0080 (Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft ...) NOT-FOR-US: Windows CVE-2008-0079 - RESERVED + REJECTED CVE-2008-0078 (Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-0077 (Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 ...) @@ -17104,7 +17104,7 @@ CVE-2008-0032 (Apple QuickTime before 7.4 allows remote attackers to execute ... CVE-2008-0031 (Unspecified vulnerability in Apple QuickTime before 7.4 allows remote ...) NOT-FOR-US: Apple QuickTime CVE-2008-0030 - RESERVED + REJECTED CVE-2008-0029 (Cisco Application Velocity System (AVS) before 5.1.0 is installed with ...) NOT-FOR-US: Cisco CVE-2008-0028 (Unspecified vulnerability in Cisco PIX 500 Series Security Appliance ...) diff --git a/data/CVE/2009.list b/data/CVE/2009.list index 3a527949c3..67927fee98 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list @@ -110,9 +110,9 @@ CVE-2009-5110 (dhttpd allows remote attackers to cause a denial of service (daem CVE-2009-5109 (Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows ...) NOT-FOR-US: Mini-Stream Ripper CVE-2009-5108 - RESERVED + REJECTED CVE-2009-5107 - RESERVED + REJECTED CVE-2009-5106 RESERVED CVE-2009-5105 @@ -1498,7 +1498,7 @@ CVE-2009-4487 (nginx 0.7.64 writes data to a log file without sanitizing ...) CVE-2009-4486 (Stack-based buffer overflow in the eDirectory plugin in Novell ...) NOT-FOR-US: iManager CVE-2009-4485 - RESERVED + REJECTED CVE-2009-4484 (Multiple stack-based buffer overflows in the CertDecoder::GetName ...) {DSA-1997-1} - mysql-dfsg-5.0 <removed> (medium) @@ -2759,13 +2759,13 @@ CVE-2009-3994 (Stack-based buffer overflow in the GetUID function in ...) [lenny] - devil <no-dsa> (Minor issue) [etch] - devil <no-dsa> (Minor issue) CVE-2009-3993 - RESERVED + REJECTED CVE-2009-3992 - RESERVED + REJECTED CVE-2009-3991 - RESERVED + REJECTED CVE-2009-3990 - RESERVED + REJECTED CVE-2009-3989 (Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and ...) - bugzilla 3.4.7.0-1 (unimportant) NOTE: http://www.bugzilla.org/security/3.0.10/ @@ -2969,15 +2969,15 @@ CVE-2009-3930 (Multiple integer overflows in Christos Zoulas file before 5.02 al [lenny] - file <not-affected> [etch] - file <not-affected> CVE-2009-3929 - RESERVED + REJECTED CVE-2009-3928 - RESERVED + REJECTED CVE-2009-3927 - RESERVED + REJECTED CVE-2009-3926 - RESERVED + REJECTED CVE-2009-3925 - RESERVED + REJECTED CVE-2009-XXXX [eglibc: ldd arbitrary code execution] - eglibc 2.10.1-7 (unimportant; bug #552518) - glibc 2.10.1-7 (unimportant; bug #552518) @@ -3314,7 +3314,7 @@ CVE-2009-3797 (Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1. CVE-2009-3796 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might ...) NOT-FOR-US: Adobe Flash CVE-2009-3795 - RESERVED + REJECTED CVE-2009-3794 (Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and ...) NOT-FOR-US: Adobe Flash CVE-2009-3793 (Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and ...) @@ -3455,7 +3455,7 @@ CVE-2009-3743 (Off-by-one error in the Ins_MINDEX function in the TrueType bytec CVE-2009-3742 (Cross-site scripting (XSS) vulnerability in Liferay Portal before ...) - liferay-portal <itp> (bug #569819) CVE-2009-3741 - RESERVED + REJECTED CVE-2009-3740 RESERVED CVE-2009-3739 (Multiple unspecified vulnerabilities on the Rockwell Automation AB ...) @@ -3751,27 +3751,27 @@ CVE-2009-3691 (Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM .. CVE-2009-3690 RESERVED CVE-2009-3689 - RESERVED + REJECTED CVE-2009-3688 - RESERVED + REJECTED CVE-2009-3687 - RESERVED + REJECTED CVE-2009-3686 - RESERVED + REJECTED CVE-2009-3685 - RESERVED + REJECTED CVE-2009-3684 - RESERVED + REJECTED CVE-2009-3683 - RESERVED + REJECTED CVE-2009-3682 - RESERVED + REJECTED CVE-2009-3681 - RESERVED + REJECTED CVE-2009-3680 - RESERVED + REJECTED CVE-2009-3679 - RESERVED + REJECTED CVE-2009-3678 (Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in ...) NOT-FOR-US: Microsoft Windows CVE-2009-3677 (The Internet Authentication Service (IAS) in Microsoft Windows 2000 ...) @@ -4583,7 +4583,7 @@ CVE-2009-3400 (Unspecified vulnerability in the Oracle Advanced Benefits compone CVE-2009-3399 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: BEA Product Suite CVE-2009-3398 - RESERVED + REJECTED CVE-2009-3397 (Unspecified vulnerability in the Oracle Application Object Library ...) NOT-FOR-US: Oracle E-Business Suite CVE-2009-3396 (Unspecified vulnerability in the WebLogic Server component in BEA ...) @@ -4591,7 +4591,7 @@ CVE-2009-3396 (Unspecified vulnerability in the WebLogic Server component in BEA CVE-2009-3395 (Unspecified vulnerability in the AutoVue component in Oracle ...) NOT-FOR-US: Oracle E-Business Suite CVE-2009-3394 - RESERVED + REJECTED CVE-2009-3393 (Unspecified vulnerability in the Oracle Application Object Library ...) NOT-FOR-US: Oracle E-Business Suite CVE-2009-3392 (Unspecified vulnerability in the Agile Engineering Data Management ...) @@ -5225,25 +5225,25 @@ CVE-2009-3163 (Multiple format string vulnerabilities in lib/silcclient/command. - silc-server 1.1.2-1 (medium) NOTE: silc-client/silc-server use libsilc from silc-toolkit since 1.1-2 CVE-2009-3145 - RESERVED + REJECTED CVE-2009-3144 - RESERVED + REJECTED CVE-2009-3143 - RESERVED + REJECTED CVE-2009-3142 - RESERVED + REJECTED CVE-2009-3141 - RESERVED + REJECTED CVE-2009-3140 - RESERVED + REJECTED CVE-2009-3139 - RESERVED + REJECTED CVE-2009-3138 - RESERVED + REJECTED CVE-2009-3137 - RESERVED + REJECTED CVE-2009-3136 - RESERVED + REJECTED CVE-2009-3135 (Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 ...) NOT-FOR-US: Microsoft Office CVE-2009-3134 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...) @@ -5520,7 +5520,7 @@ CVE-2009-3036 (Cross-site scripting (XSS) vulnerability in the console in Symant CVE-2009-3035 (The web console in Symantec Altiris Notification Server 6.0.x before ...) NOT-FOR-US: Symantec Altiris Notification Server CVE-2009-3034 - RESERVED + REJECTED CVE-2009-3033 (Buffer overflow in the RunCmd method in the Altiris eXpress NS Console ...) NOT-FOR-US: ActiveX CVE-2009-3032 (Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the ...) @@ -6403,15 +6403,15 @@ CVE-2009-XXXX [php5: 'open_basedir' bypass] - php5 5.3.1-1 (unimportant; bug #540606) NOTE: only affects 5.3.0 in experimental, open_basedir unsupported CVE-2009-2710 - RESERVED + REJECTED CVE-2009-2709 - RESERVED + REJECTED CVE-2009-2708 - RESERVED + REJECTED CVE-2009-2707 (Unspecified vulnerability in ia32el (aka the IA 32 emulation ...) NOT-FOR-US: SUSE Linux CVE-2009-2706 - RESERVED + REJECTED CVE-2009-2705 (CA SiteMinder allows remote attackers to bypass cross-site scripting ...) NOT-FOR-US: SiteMinder CVE-2009-2704 (CA SiteMinder allows remote attackers to bypass cross-site scripting ...) @@ -6939,11 +6939,11 @@ CVE-2009-2524 (Integer underflow in the NTLM authentication feature in the Local CVE-2009-2523 (The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 ...) NOT-FOR-US: Microsoft Windows 2000 CVE-2009-2522 - RESERVED + REJECTED CVE-2009-2521 (Stack consumption vulnerability in the FTP Service in Microsoft ...) NOT-FOR-US: Microsoft Internet Information Server CVE-2009-2520 - RESERVED + REJECTED CVE-2009-2519 (The DHTML Editing Component ActiveX control in Microsoft Windows 2000 ...) NOT-FOR-US: Microsoft Windows CVE-2009-2518 (Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote ...) @@ -8446,7 +8446,7 @@ CVE-2009-1929 (Heap-based buffer overflow in the Microsoft Terminal Services Cli CVE-2009-1928 (Stack consumption vulnerability in the LDAP service in Active ...) NOT-FOR-US: Microsoft Windows CVE-2009-1927 - RESERVED + REJECTED CVE-2009-1926 (Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista ...) NOT-FOR-US: Microsoft Windows CVE-2009-1925 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...) @@ -8458,7 +8458,7 @@ CVE-2009-1923 (Heap-based buffer overflow in the Windows Internet Name Service ( CVE-2009-1922 (The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, ...) NOT-FOR-US: Microsoft Windows CVE-2009-1921 - RESERVED + REJECTED CVE-2009-1920 (The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in ...) NOT-FOR-US: Microsoft CVE-2009-1919 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 ...) @@ -8613,7 +8613,7 @@ CVE-2009-1873 (Directory traversal vulnerability in logging/logviewer.jsp in the CVE-2009-1872 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe ...) NOT-FOR-US: Adobe ColdFusion Server CVE-2009-1871 - RESERVED + REJECTED CVE-2009-1870 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and ...) NOT-FOR-US: Adobe Flash CVE-2009-1869 (Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile ...) @@ -9589,13 +9589,13 @@ CVE-2009-1545 (Unspecified vulnerability in Avifil32.dll in the Windows Media fi CVE-2009-1544 (Double free vulnerability in the Workstation service in Microsoft ...) NOT-FOR-US: Microsoft Windows CVE-2009-1543 - RESERVED + REJECTED CVE-2009-1542 (The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, ...) NOT-FOR-US: Microsoft CVE-2009-1541 - RESERVED + REJECTED CVE-2009-1540 - RESERVED + REJECTED CVE-2009-1539 (The QuickTime Movie Parser Filter in quartz.dll in DirectShow in ...) NOT-FOR-US: Microsoft DirectX CVE-2009-1538 (The QuickTime Movie Parser Filter in quartz.dll in DirectShow in ...) @@ -10677,7 +10677,7 @@ CVE-2009-1155 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Secu CVE-2009-1154 (Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Cisco CVE-2009-1153 - RESERVED + REJECTED CVE-2009-1152 (Siemens Gigaset SE461 WiMAX router 1.5-BL024.9.6401, and possibly ...) NOT-FOR-US: Siemens router CVE-2009-1151 (Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x ...) @@ -12209,7 +12209,7 @@ CVE-2009-0569 (Buffer overflow in Becky! Internet Mail 2.48.02 and earlier allow CVE-2009-0568 (The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP ...) NOT-FOR-US: Microsoft CVE-2009-0567 - RESERVED + REJECTED CVE-2009-0566 (Microsoft Office Publisher 2007 SP1 does not properly calculate object ...) NOT-FOR-US: Microsoft Office Publisher CVE-2009-0565 (Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 ...) @@ -13044,7 +13044,7 @@ CVE-2009-0238 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 CVE-2009-0237 (Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML ...) NOT-FOR-US: Microsoft Forefront Threat Management Gateway CVE-2009-0236 - RESERVED + REJECTED CVE-2009-0235 (Stack-based buffer overflow in the Word 97 text converter in WordPad ...) NOT-FOR-US: Microsoft WordPad CVE-2009-0234 (The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in ...) @@ -13386,7 +13386,7 @@ CVE-2009-0103 (Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9 CVE-2009-0102 (Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, ...) NOT-FOR-US: Microsoft CVE-2009-0101 - RESERVED + REJECTED CVE-2009-0100 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; ...) NOT-FOR-US: Microsoft Office Excel CVE-2009-0099 (The Electronic Messaging System Microsoft Data Base (EMSMDB32) ...) @@ -13404,7 +13404,7 @@ CVE-2009-0094 (The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 CVE-2009-0093 (Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and ...) NOT-FOR-US: Microsoft Windows CVE-2009-0092 - RESERVED + REJECTED CVE-2009-0091 (Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly ...) NOT-FOR-US: Microsoft .NET Framework CVE-2009-0090 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not ...) @@ -13440,9 +13440,9 @@ CVE-2009-0076 (Microsoft Internet Explorer 7, when XHTML strict mode is used, al CVE-2009-0075 (Microsoft Internet Explorer 7 does not properly handle errors during ...) NOT-FOR-US: Microsoft CVE-2009-0074 - RESERVED + REJECTED CVE-2009-0073 - RESERVED + REJECTED CVE-2009-0072 (Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote ...) NOT-FOR-US: Internet Explorer CVE-2009-0071 (Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is ...) diff --git a/data/CVE/2010.list b/data/CVE/2010.list index 251d3c7f99..7f568ea2a1 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -417,45 +417,45 @@ CVE-2010-5138 (wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a de CVE-2010-5137 (wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a ...) - bitcoin <not-affected> (Fixed before initial release) CVE-2010-5136 - RESERVED + REJECTED CVE-2010-5135 - RESERVED + REJECTED CVE-2010-5134 - RESERVED + REJECTED CVE-2010-5133 - RESERVED + REJECTED CVE-2010-5132 - RESERVED + REJECTED CVE-2010-5131 - RESERVED + REJECTED CVE-2010-5130 - RESERVED + REJECTED CVE-2010-5129 - RESERVED + REJECTED CVE-2010-5128 - RESERVED + REJECTED CVE-2010-5127 - RESERVED + REJECTED CVE-2010-5126 - RESERVED + REJECTED CVE-2010-5125 - RESERVED + REJECTED CVE-2010-5124 - RESERVED + REJECTED CVE-2010-5123 - RESERVED + REJECTED CVE-2010-5122 - RESERVED + REJECTED CVE-2010-5121 - RESERVED + REJECTED CVE-2010-5120 - RESERVED + REJECTED CVE-2010-5119 - RESERVED + REJECTED CVE-2010-5118 - RESERVED + REJECTED CVE-2010-5117 - RESERVED + REJECTED CVE-2010-5116 RESERVED CVE-2010-5115 @@ -2028,7 +2028,7 @@ CVE-2010-4479 (Unspecified vulnerability in pdf.c in libclamav in ClamAV before CVE-2010-4478 (OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly ...) - openssh <not-affected> (J-PAKE not activated, see bug #606922) CVE-2010-4477 - RESERVED + REJECTED CVE-2010-4476 (The Double.parseDouble method in Java Runtime Environment (JRE) in ...) {DSA-2161-2 DSA-2161-1} - openjdk-6 6b18-1.8.7-1 (bug #612660) @@ -2522,23 +2522,23 @@ CVE-2010-4300 (Heap-based buffer overflow in the dissect_ldss_transfer function - wireshark 1.2.11-4 [lenny] - wireshark <not-affected> (Only affects >= 1.2) CVE-2010-4293 - RESERVED + REJECTED CVE-2010-4292 - RESERVED + REJECTED CVE-2010-4291 - RESERVED + REJECTED CVE-2010-4290 - RESERVED + REJECTED CVE-2010-4289 - RESERVED + REJECTED CVE-2010-4288 - RESERVED + REJECTED CVE-2010-4287 - RESERVED + REJECTED CVE-2010-4286 - RESERVED + REJECTED CVE-2010-4285 - RESERVED + REJECTED CVE-2010-4284 (SQL injection vulnerability in the authentication form in the ...) NOT-FOR-US: Samsung Integrated Management System CVE-2010-4283 (PHP remote file inclusion vulnerability in extras/pandora_diag.php in ...) @@ -2905,45 +2905,45 @@ CVE-2010-4143 (SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when CVE-2010-4142 (Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build ...) NOT-FOR-US: DATAC RealWin CVE-2010-4141 - RESERVED + REJECTED CVE-2010-4140 - RESERVED + REJECTED CVE-2010-4139 - RESERVED + REJECTED CVE-2010-4138 - RESERVED + REJECTED CVE-2010-4137 - RESERVED + REJECTED CVE-2010-4136 - RESERVED + REJECTED CVE-2010-4135 - RESERVED + REJECTED CVE-2010-4134 - RESERVED + REJECTED CVE-2010-4133 - RESERVED + REJECTED CVE-2010-4132 - RESERVED + REJECTED CVE-2010-4131 - RESERVED + REJECTED CVE-2010-4130 - RESERVED + REJECTED CVE-2010-4129 - RESERVED + REJECTED CVE-2010-4128 - RESERVED + REJECTED CVE-2010-4127 - RESERVED + REJECTED CVE-2010-4126 - RESERVED + REJECTED CVE-2010-4125 - RESERVED + REJECTED CVE-2010-4124 - RESERVED + REJECTED CVE-2010-4123 - RESERVED + REJECTED CVE-2010-4122 - RESERVED + REJECTED CVE-2010-4121 (** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning ...) NOT-FOR-US: IBM Tivoli CVE-2010-XXXX @@ -2951,11 +2951,11 @@ CVE-2010-XXXX CVE-2010-4120 (Multiple cross-site scripting (XSS) vulnerabilities in the TAM console ...) NOT-FOR-US: IBM Tivoli CVE-2010-4119 - RESERVED + REJECTED CVE-2010-4118 - RESERVED + REJECTED CVE-2010-4117 - RESERVED + REJECTED CVE-2010-4116 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5.x ...) NOT-FOR-US: HP StorageWorks Storage Mirroring CVE-2010-4115 (HP StorageWorks Modular Smart Array P2000 G3 firmware TS100R011, ...) @@ -3318,9 +3318,9 @@ CVE-2010-3971 (Use-after-free vulnerability in the CSharedStyleSheet::Notify fun CVE-2010-3970 (Stack-based buffer overflow in the CreateSizedDIBSECTION function in ...) NOT-FOR-US: Microsoft Windows CVE-2010-3969 - RESERVED + REJECTED CVE-2010-3968 - RESERVED + REJECTED CVE-2010-3967 (Untrusted search path vulnerability in Microsoft Windows Movie Maker ...) NOT-FOR-US: Microsoft Windows CVE-2010-3966 (Untrusted search path vulnerability in Microsoft Windows Server 2008 ...) @@ -3350,7 +3350,7 @@ CVE-2010-3955 (pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publis CVE-2010-3954 (Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote ...) NOT-FOR-US: Microsoft Publisher CVE-2010-3953 - RESERVED + REJECTED CVE-2010-3952 (The FlashPix image converter in the graphics filters in Microsoft ...) NOT-FOR-US: Microsoft Office CVE-2010-3951 (Buffer overflow in the FlashPix image converter in the graphics ...) @@ -3360,7 +3360,7 @@ CVE-2010-3950 (The TIFF image converter in the graphics filters in Microsoft Off CVE-2010-3949 (Buffer overflow in the TIFF image converter in the graphics filters in ...) NOT-FOR-US: Microsoft Office CVE-2010-3948 - RESERVED + REJECTED CVE-2010-3947 (Heap-based buffer overflow in the TIFF image converter in the graphics ...) NOT-FOR-US: Microsoft Office CVE-2010-3946 (Integer overflow in the PICT image converter in the graphics filters ...) @@ -3380,13 +3380,13 @@ CVE-2010-3940 (Double free vulnerability in win32k.sys in the kernel-mode driver CVE-2010-3939 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...) NOT-FOR-US: Microsoft Windows CVE-2010-3938 - RESERVED + REJECTED CVE-2010-3937 (Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote ...) NOT-FOR-US: Microsoft Exchange Server CVE-2010-3936 (Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft ...) NOT-FOR-US: Forefront Unified Access Gateway CVE-2010-3935 - RESERVED + REJECTED CVE-2010-3934 (The browser in Research In Motion (RIM) BlackBerry Device Software ...) NOT-FOR-US: BlackBerry Device Software CVE-2010-3933 (Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested ...) @@ -3985,25 +3985,25 @@ CVE-2010-3729 (The SPDY protocol implementation in Google Chrome before 6.0.472. - webkit <not-affected> (chromium specific) - chromium-browser 6.0.472.62~r59676-1 CVE-2010-3728 - RESERVED + REJECTED CVE-2010-XXXX [amanda code injection] - amanda <not-affected> (Introduced in 3.1.1) CVE-2010-3727 - RESERVED + REJECTED CVE-2010-3726 - RESERVED + REJECTED CVE-2010-3725 - RESERVED + REJECTED CVE-2010-3724 - RESERVED + REJECTED CVE-2010-3723 - RESERVED + REJECTED CVE-2010-3722 - RESERVED + REJECTED CVE-2010-3721 - RESERVED + REJECTED CVE-2010-3720 - RESERVED + REJECTED CVE-2010-3719 (Eval injection vulnerability in IMAdminSchedTask.asp in the ...) NOT-FOR-US: Symantec IM Manager CVE-2010-3718 (Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running ...) @@ -4570,7 +4570,7 @@ CVE-2010-3545 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun J CVE-2010-3544 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java ...) NOT-FOR-US: Oracle iPlanet Web Server CVE-2010-3543 - RESERVED + REJECTED CVE-2010-3542 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and ...) NOT-FOR-US: Oracle Solaris CVE-2010-3541 (Unspecified vulnerability in the Networking component in Oracle Java ...) @@ -5020,23 +5020,23 @@ CVE-2010-3349 (Ardour 2.8.11 places a zero-length directory name in the ...) CVE-2010-3348 (Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-3347 - RESERVED + REJECTED CVE-2010-3346 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-3345 (Microsoft Internet Explorer 8 does not properly handle objects in ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-3344 - RESERVED + REJECTED CVE-2010-3343 (Microsoft Internet Explorer 6 does not properly handle objects in ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-3342 (Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-3341 - RESERVED + REJECTED CVE-2010-3340 (Microsoft Internet Explorer 6 and 7 does not properly handle objects ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-3339 - RESERVED + REJECTED CVE-2010-3338 (The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, ...) NOT-FOR-US: Microsoft Windows CVE-2010-3337 (Untrusted search path vulnerability in Microsoft Office 2007 SP2 and ...) @@ -5339,11 +5339,11 @@ CVE-2010-3228 (The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platfo CVE-2010-3227 (Stack-based buffer overflow in the UpdateFrameTitleForDocument method ...) NOT-FOR-US: Microsoft Windows CVE-2010-3226 - RESERVED + REJECTED CVE-2010-3225 (Use-after-free vulnerability in the Media Player Network Sharing ...) NOT-FOR-US: Microsoft Windows Vista CVE-2010-3224 - RESERVED + REJECTED CVE-2010-3223 (The user interface in Microsoft Cluster Service (MSCS) in Microsoft ...) NOT-FOR-US: Microsoft Windows CVE-2010-3222 (Stack-based buffer overflow in the Remote Procedure Call Subsystem ...) @@ -6667,7 +6667,7 @@ CVE-2010-2751 (The nsDocShell::OnRedirectStateChange function in ...) CVE-2010-2750 (Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac ...) NOT-FOR-US: Microsoft Word CVE-2010-2749 - RESERVED + REJECTED CVE-2010-2748 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check ...) NOT-FOR-US: Microsoft Word CVE-2010-2747 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle ...) @@ -6691,11 +6691,11 @@ CVE-2010-2739 (Buffer overflow in the CreateDIBPalette function in win32k.sys in CVE-2010-2738 (The Uniscribe (aka new Unicode Script Processor) implementation in ...) NOT-FOR-US: Microsoft Windows CVE-2010-2737 - RESERVED + REJECTED CVE-2010-2736 - RESERVED + REJECTED CVE-2010-2735 - RESERVED + REJECTED CVE-2010-2734 (Cross-site scripting (XSS) vulnerability in the mobile portal in ...) NOT-FOR-US: Microsoft Forefront Unified Access Gateway CVE-2010-2733 (Cross-site scripting (XSS) vulnerability in the Web Monitor in ...) @@ -6711,9 +6711,9 @@ CVE-2010-2729 (The Print Spooler service in Microsoft Windows XP SP2 and SP3, Wi CVE-2010-2728 (Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, ...) NOT-FOR-US: Microsoft Outlook CVE-2010-2727 - RESERVED + REJECTED CVE-2010-2726 - RESERVED + REJECTED CVE-2010-2725 (BarnOwl before 1.6.2 does not check the return code of calls to the ...) {DSA-2102-1} - barnowl 1.6.2-1 (bug #593299) @@ -7117,7 +7117,7 @@ CVE-2010-2567 (The RPC client implementation in Microsoft Windows XP SP2 and SP3 CVE-2010-2566 (The Secure Channel (aka SChannel) security package in Microsoft ...) NOT-FOR-US: Microsoft CVE-2010-2565 - RESERVED + REJECTED CVE-2010-2564 (Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and ...) NOT-FOR-US: Microsoft CVE-2010-2563 (The Word 97 text converter in the WordPad Text Converters in Microsoft ...) @@ -8681,7 +8681,7 @@ CVE-2010-1886 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Window CVE-2010-1885 (The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help ...) NOT-FOR-US: Microsoft Windows CVE-2010-1884 - RESERVED + REJECTED CVE-2010-1883 (Integer overflow in the Embedded OpenType (EOT) Font Engine in ...) NOT-FOR-US: Microsoft Windows CVE-2010-1882 (Multiple buffer overflows in the MPEG Layer-3 Audio Codec for ...) @@ -9230,28 +9230,28 @@ CVE-2010-1702 (SQL injection vulnerability in submitticket.php in WHMCompleteSol CVE-2010-1701 (SQL injection vulnerability in browse.html in PHP Video Battle Script ...) NOT-FOR-US: PHP Video Battle Script CVE-2010-1700 - RESERVED + REJECTED CVE-2010-1699 - RESERVED + REJECTED CVE-2010-1698 - RESERVED + REJECTED CVE-2010-1697 - RESERVED + REJECTED CVE-2010-1696 - RESERVED + REJECTED CVE-2010-1695 - RESERVED + REJECTED CVE-2010-1694 - RESERVED + REJECTED CVE-2010-1693 (openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows ...) NOT-FOR-US: OpenFabrics Enterprise Distribution (OFED) NOTE: openibd is part of ofa-kernel (ofa_1_5_kernel-20101028-0200/ofed_scripts/openibd), fixed in 2010-10-28 build NOTE: http://www.openfabrics.org/downloads/ofa_1_5_kernel/ NOTE: ITP for ofa-kernel is bug #541849 CVE-2010-1692 - RESERVED + REJECTED CVE-2010-1691 - RESERVED + REJECTED CVE-2010-1690 (The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in ...) NOT-FOR-US: Microsoft Windows CVE-2010-1689 (The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in ...) @@ -11654,7 +11654,7 @@ CVE-2010-0815 (VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Micros CVE-2010-0814 (The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office ...) NOT-FOR-US: Microsoft CVE-2010-0813 - RESERVED + REJECTED CVE-2010-0812 (Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, ...) NOT-FOR-US: Microsoft Windows CVE-2010-0811 (Multiple unspecified vulnerabilities in the Microsoft Internet ...) @@ -11662,7 +11662,7 @@ CVE-2010-0811 (Multiple unspecified vulnerabilities in the Microsoft Internet .. CVE-2010-0810 (The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows ...) NOT-FOR-US: Microsoft Windows CVE-2010-0809 - RESERVED + REJECTED CVE-2010-0808 (Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0807 (Microsoft Internet Explorer 7 does not properly handle objects in ...) @@ -12420,11 +12420,11 @@ CVE-2010-0497 (Disk Images in Apple Mac OS X before 10.6.3 does not provide the CVE-2010-0496 (FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for ...) NOT-FOR-US: Apple iPhone OS CVE-2010-0495 - RESERVED + REJECTED CVE-2010-0494 (Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0493 - RESERVED + REJECTED CVE-2010-0492 (Use-after-free vulnerability in mstime.dll in Microsoft Internet ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0491 (Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, ...) @@ -13089,7 +13089,7 @@ CVE-2010-0261 (Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and CVE-2010-0260 (Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; ...) NOT-FOR-US: Microsoft Office CVE-2010-0259 - RESERVED + REJECTED CVE-2010-0258 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...) NOT-FOR-US: Microsoft Office CVE-2010-0257 (Microsoft Office Excel 2002 SP3 does not properly parse the Excel file ...) @@ -13101,11 +13101,11 @@ CVE-2010-0255 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not CVE-2010-0254 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does ...) NOT-FOR-US: Microsoft Office CVE-2010-0253 - RESERVED + REJECTED CVE-2010-0252 (The Microsoft Data Analyzer ActiveX control (aka the Office Excel ...) NOT-FOR-US: Microsoft Data Analyzer ActiveX control CVE-2010-0251 - RESERVED + REJECTED CVE-2010-0250 (Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used ...) NOT-FOR-US: Microsoft DirectX CVE-2010-0249 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, ...) diff --git a/data/CVE/2011.list b/data/CVE/2011.list index b6822965a0..0d92ae5364 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -734,47 +734,47 @@ CVE-2011-5000 (The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 [squeeze] - openssh 1:5.5p1-6+squeeze4 NOTE: looking at the code an additional integer overflow check was added in at least 5.9 CVE-2011-4999 - RESERVED + REJECTED CVE-2011-4998 - RESERVED + REJECTED CVE-2011-4997 - RESERVED + REJECTED CVE-2011-4996 - RESERVED + REJECTED CVE-2011-4995 - RESERVED + REJECTED CVE-2011-4994 - RESERVED + REJECTED CVE-2011-4993 - RESERVED + REJECTED CVE-2011-4992 - RESERVED + REJECTED CVE-2011-4991 - RESERVED + REJECTED CVE-2011-4990 - RESERVED + REJECTED CVE-2011-4989 - RESERVED + REJECTED CVE-2011-4988 - RESERVED + REJECTED CVE-2011-4987 - RESERVED + REJECTED CVE-2011-4986 - RESERVED + REJECTED CVE-2011-4985 - RESERVED + REJECTED CVE-2011-4984 - RESERVED + REJECTED CVE-2011-4983 - RESERVED + REJECTED CVE-2011-4982 - RESERVED + REJECTED CVE-2011-4981 - RESERVED + REJECTED CVE-2011-4980 - RESERVED + REJECTED CVE-2011-4979 - RESERVED + REJECTED CVE-2011-4978 RESERVED CVE-2011-4977 @@ -1246,21 +1246,21 @@ CVE-2011-4801 (SQL injection vulnerability in akeyActivationLogin.do in Authenex CVE-2011-4800 (Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 ...) NOT-FOR-US: Serv-U FTP Server CVE-2011-4799 - RESERVED + REJECTED CVE-2011-4798 - RESERVED + REJECTED CVE-2011-4797 - RESERVED + REJECTED CVE-2011-4796 - RESERVED + REJECTED CVE-2011-4795 - RESERVED + REJECTED CVE-2011-4794 - RESERVED + REJECTED CVE-2011-4793 - RESERVED + REJECTED CVE-2011-4792 - RESERVED + REJECTED CVE-2011-4791 (DBServer.exe in HP Data Protector Media Operations 6.11 and earlier ...) NOT-FOR-US: HP Data Protector CVE-2011-4790 (Unspecified vulnerability in HP Network Automation 7.5x, 7.6x, 9.0, ...) @@ -2097,48 +2097,48 @@ CVE-2011-4432 (www/include/configuration/nconfigObject/contact/DB-Func.php in .. CVE-2011-4431 (Directory traversal vulnerability in main.php in Merethis Centreon ...) NOT-FOR-US: Merethis Centreon CVE-2011-4430 - RESERVED + REJECTED CVE-2011-4429 - RESERVED + REJECTED CVE-2011-4428 - RESERVED + REJECTED CVE-2011-4427 - RESERVED + REJECTED CVE-2011-4426 - RESERVED + REJECTED CVE-2011-4425 - RESERVED + REJECTED CVE-2011-4424 - RESERVED + REJECTED CVE-2011-4423 - RESERVED + REJECTED CVE-2011-4422 - RESERVED + REJECTED CVE-2011-4421 - RESERVED + REJECTED CVE-2011-4420 - RESERVED + REJECTED CVE-2011-4419 - RESERVED + REJECTED CVE-2011-4418 - RESERVED + REJECTED CVE-2011-4417 - RESERVED + REJECTED CVE-2011-4416 - RESERVED + REJECTED CVE-2011-4415 (The ap_pregsub function in server/util.c in the Apache HTTP Server ...) - apache2 2.4.1-1 (unimportant) NOTE: apache2 does not protect or claim to protect against DoS through .htaccess CVE-2011-4414 - RESERVED + REJECTED CVE-2011-4413 - RESERVED + REJECTED CVE-2011-4412 - RESERVED + REJECTED CVE-2011-4411 - RESERVED + REJECTED CVE-2011-4410 - RESERVED + REJECTED CVE-2011-4409 (The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 ...) NOT-FOR-US: Ubuntu One CVE-2011-4408 (The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and ...) @@ -2500,17 +2500,17 @@ CVE-2011-4274 (Cross-site scripting (XSS) vulnerability in the A-Form PC and ... CVE-2011-4273 (Multiple cross-site scripting (XSS) vulnerabilities in GoAhead ...) NOT-FOR-US: GoAhead Webserver CVE-2011-4272 - RESERVED + REJECTED CVE-2011-4271 - RESERVED + REJECTED CVE-2011-4270 - RESERVED + REJECTED CVE-2011-4269 - RESERVED + REJECTED CVE-2011-4268 - RESERVED + REJECTED CVE-2011-4267 - RESERVED + REJECTED CVE-2011-4266 (Untrusted search path vulnerability in FFFTP before 1.98d allows local ...) NOT-FOR-US: FFFTP CVE-2011-4265 (Cross-site scripting (XSS) vulnerability in phpWebSite before 1.0.0 ...) @@ -3983,25 +3983,25 @@ CVE-2011-3683 CVE-2011-3682 RESERVED CVE-2011-3681 - RESERVED + REJECTED CVE-2011-3680 - RESERVED + REJECTED CVE-2011-3679 - RESERVED + REJECTED CVE-2011-3678 - RESERVED + REJECTED CVE-2011-3677 - RESERVED + REJECTED CVE-2011-3676 - RESERVED + REJECTED CVE-2011-3675 - RESERVED + REJECTED CVE-2011-3674 - RESERVED + REJECTED CVE-2011-3673 - RESERVED + REJECTED CVE-2011-3672 - RESERVED + REJECTED CVE-2011-3671 (Use-after-free vulnerability in the nsHTMLSelectElement function in ...) - xulrunner <not-affected> (Only affects Firefox >= 4) - iceweasel 9.0-1 @@ -4401,7 +4401,7 @@ CVE-2011-3574 (Unspecified vulnerability in Oracle Communications Unified 7.0 al CVE-2011-3573 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows ...) NOT-FOR-US: Oracle Communications Unified CVE-2011-3572 - RESERVED + REJECTED CVE-2011-3571 (Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) ...) NOTE: CVE was misused by Oracle. Replaced by CVE-2012-0507. CVE-2011-3570 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows ...) @@ -4411,7 +4411,7 @@ CVE-2011-3569 (Unspecified vulnerability in the Oracle Web Services Manager comp CVE-2011-3568 (Unspecified vulnerability in the Oracle Web Services Manager component ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-3567 - RESERVED + REJECTED CVE-2011-3566 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-3565 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows ...) @@ -4536,7 +4536,7 @@ CVE-2011-3542 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express all CVE-2011-3541 (Unspecified vulnerability in the Oracle Outside In Technology ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-3540 - RESERVED + REJECTED CVE-2011-3539 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows ...) NOT-FOR-US: Oracle Solaris CVE-2011-3538 (Unspecified vulnerability in the Sun Ray component in Oracle ...) @@ -4612,7 +4612,7 @@ CVE-2011-3507 (Unspecified vulnerability in the Oracle Communications Unified .. CVE-2011-3506 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...) NOT-FOR-US: Oracle Sun Products Suite CVE-2011-3505 - RESERVED + REJECTED CVE-2011-3504 (The Matroska format decoder in FFmpeg before 0.8.3 does not properly ...) {DSA-2336-1} - libav 4:0.7.2-1 (bug #643859) @@ -4663,7 +4663,7 @@ CVE-2011-3481 (The index_get_ids function in index.c in imapd in Cyrus IMAP Serv - kolab-cyrus-imapd <removed> [squeeze] - kolab-cyrus-imapd <end-of-life> (Unsupported in squeeze-lts) CVE-2011-3480 - RESERVED + REJECTED CVE-2011-3479 (Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite ...) NOT-FOR-US: Symantec pcAnywhere CVE-2011-3478 (The host-services component in Symantec pcAnywhere 12.5.x through ...) @@ -4671,7 +4671,7 @@ CVE-2011-3478 (The host-services component in Symantec pcAnywhere 12.5.x through CVE-2011-3477 RESERVED CVE-2011-3476 - RESERVED + REJECTED CVE-2011-3475 RESERVED CVE-2011-3474 @@ -4803,9 +4803,9 @@ CVE-2011-3420 (Multiple unspecified vulnerabilities in Google Chrome before ...) - chromium-browser 14.0.835.163~r101024-1 (unimportant) NOTE: duplicate CVE-2011-3419 - RESERVED + REJECTED CVE-2011-3418 - RESERVED + REJECTED CVE-2011-3417 (The Forms Authentication feature in the ASP.NET subsystem in Microsoft ...) NOT-FOR-US: Microsoft ASP.NET CVE-2011-3416 (The Forms Authentication feature in the ASP.NET subsystem in Microsoft ...) @@ -4824,15 +4824,15 @@ CVE-2011-3411 (Microsoft Publisher 2003 SP3 allows remote attackers to execute . CVE-2011-3410 (Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and ...) NOT-FOR-US: Microsoft Publisher CVE-2011-3409 - RESERVED + REJECTED CVE-2011-3408 (Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the ...) NOT-FOR-US: Microsoft Windows XP CVE-2011-3407 - RESERVED + REJECTED CVE-2011-3406 (Buffer overflow in Active Directory, Active Directory Application Mode ...) NOT-FOR-US: Microsoft Active Directory CVE-2011-3405 - RESERVED + REJECTED CVE-2011-3404 (Microsoft Internet Explorer 6 through 9 does not properly use the ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-3403 (Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly ...) @@ -4844,15 +4844,15 @@ CVE-2011-3401 (ENCDEC.DLL in Windows Media Player and Media Center in Microsoft CVE-2011-3400 (Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly ...) NOT-FOR-US: Microsoft Windows XP CVE-2011-3399 - RESERVED + REJECTED CVE-2011-3398 - RESERVED + REJECTED CVE-2011-3397 (The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 ...) NOT-FOR-US: Microsoft Windows XP CVE-2011-3396 (Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 ...) NOT-FOR-US: Microsoft PowerPoint CVE-2011-3395 - RESERVED + REJECTED CVE-2011-3394 (SQL injection vulnerability in findagent.php in MYRE Real Estate ...) NOT-FOR-US: MYRE Real Estate CVE-2011-3393 (Multiple cross-site scripting (XSS) vulnerabilities in findagent.php ...) @@ -5573,7 +5573,7 @@ CVE-2011-3141 (Buffer overflow in the InBatch BatchField ActiveX control for Inv CVE-2011-3140 (IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and ...) NOT-FOR-US: IBM Web Application Firewall CVE-2011-3139 - RESERVED + REJECTED CVE-2011-3138 (The LTPA STS module support implementation in IBM Tivoli Federated ...) NOT-FOR-US: Tivoli CVE-2011-3137 (Unspecified vulnerability in the Management Console in IBM Tivoli ...) @@ -6172,25 +6172,25 @@ CVE-2011-2975 (Double free vulnerability in the msAddImageSymbol function in ... [lenny] - mapserver <not-affected> (Vulnerable code not present) [squeeze] - mapserver <not-affected> (Vulnerable code not present) CVE-2011-2974 - RESERVED + REJECTED CVE-2011-2973 - RESERVED + REJECTED CVE-2011-2972 - RESERVED + REJECTED CVE-2011-2971 - RESERVED + REJECTED CVE-2011-2970 - RESERVED + REJECTED CVE-2011-2969 - RESERVED + REJECTED CVE-2011-2968 - RESERVED + REJECTED CVE-2011-2967 - RESERVED + REJECTED CVE-2011-2966 - RESERVED + REJECTED CVE-2011-2965 - RESERVED + REJECTED CVE-2011-2964 (foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 ...) {DSA-2380-1} - foomatic-filters 4.0.9-1 @@ -6917,7 +6917,7 @@ CVE-2011-2736 (RSA enVision 4.x before 4 SP4 P3 places cleartext administrative CVE-2011-2735 (Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before ...) NOT-FOR-US: EMC AutoStart CVE-2011-2734 - RESERVED + REJECTED CVE-2011-2733 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, ...) NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise CVE-2011-2732 (CRLF injection vulnerability in the logout functionality in VMware ...) @@ -7733,7 +7733,7 @@ CVE-2011-2420 (Adobe Shockwave Player before 11.6.1.629 allows remote attackers CVE-2011-2419 (IML32.dll in Adobe Shockwave Player before 11.6.1.629 allows remote ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2418 - RESERVED + REJECTED CVE-2011-2417 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2416 (Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, ...) @@ -8136,7 +8136,7 @@ CVE-2011-2278 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS compo CVE-2011-2277 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2011-2276 - RESERVED + REJECTED CVE-2011-2275 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2011-2274 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) @@ -8148,17 +8148,17 @@ CVE-2011-2272 (Unspecified vulnerability in the PeopleSoft Enterprise FSCM compo CVE-2011-2271 (Unspecified vulnerability in the Oracle Application Object Library ...) NOT-FOR-US: Oracle E-Business Suite CVE-2011-2270 - RESERVED + REJECTED CVE-2011-2269 - RESERVED + REJECTED CVE-2011-2268 - RESERVED + REJECTED CVE-2011-2267 (Unspecified vulnerability in the Oracle Outside In Technology ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-2266 - RESERVED + REJECTED CVE-2011-2265 - RESERVED + REJECTED CVE-2011-2264 (Unspecified vulnerability in the Oracle Outside In Technology ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2011-2263 (Unspecified vulnerability in Sun Integrated Lights Out Manager in ...) @@ -8177,11 +8177,11 @@ CVE-2011-2258 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Expr CVE-2011-2257 (Unspecified vulnerability in the Database Target Type Menus component ...) NOT-FOR-US: Oracle Database Server and Enterprise Manager Grid Control CVE-2011-2256 - RESERVED + REJECTED CVE-2011-2255 (Unspecified vulnerability in the Oracle WebLogic Portal component in ...) NOT-FOR-US: Oracle Fusion CVE-2011-2254 - RESERVED + REJECTED CVE-2011-2253 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) NOT-FOR-US: Oracle Database Server CVE-2011-2252 (Unspecified vulnerability in the Oracle Secure Backup component in ...) @@ -8195,7 +8195,7 @@ CVE-2011-2249 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows r CVE-2011-2248 (Unspecified vulnerability in the SQL Performance Advisories/UIs ...) NOT-FOR-US: Oracle Database Server and Enterprise Manager Grid Control CVE-2011-2247 - RESERVED + REJECTED CVE-2011-2246 (Unspecified vulnerability in the Business Intelligence component in ...) NOT-FOR-US: Oracle E-Business Suite CVE-2011-2245 (Unspecified vulnerability in the Solaris component in Oracle Sun ...) @@ -8217,13 +8217,13 @@ CVE-2011-2238 (Unspecified vulnerability in the Database Vault component in Orac CVE-2011-2237 (Unspecified vulnerability in the Oracle Web Services Manager component ...) NOT-FOR-US: Oracle Fusion CVE-2011-2236 - RESERVED + REJECTED CVE-2011-2235 - RESERVED + REJECTED CVE-2011-2234 - RESERVED + REJECTED CVE-2011-2233 - RESERVED + REJECTED CVE-2011-2232 (Unspecified vulnerability in the XML Developer Kit component in Oracle ...) NOT-FOR-US: Oracle Database Server CVE-2011-2231 (Unspecified vulnerability in the XML Developer Kit component in Oracle ...) @@ -8231,9 +8231,9 @@ CVE-2011-2231 (Unspecified vulnerability in the XML Developer Kit component in O CVE-2011-2230 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) NOT-FOR-US: Oracle Database Server CVE-2011-2229 - RESERVED + REJECTED CVE-2011-2228 - RESERVED + REJECTED CVE-2011-2227 (Cross-site scripting (XSS) vulnerability in Novell Identity Manager ...) NOT-FOR-US: Novell Identity Manager CVE-2011-2226 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as ...) @@ -8580,7 +8580,7 @@ CVE-2011-2131 (Adobe Photoshop 12.0 in Creative Suite 5 (CS5) and 12.1 in Creati CVE-2011-2130 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2129 - RESERVED + REJECTED CVE-2011-2128 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute ...) NOT-FOR-US: Adobe Shockwave Player CVE-2011-2127 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute ...) @@ -8811,11 +8811,11 @@ CVE-2011-2019 (Untrusted search path vulnerability in Microsoft Internet Explore CVE-2011-2018 (The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...) NOT-FOR-US: Microsoft Windows XP CVE-2011-2017 - RESERVED + REJECTED CVE-2011-2016 (Untrusted search path vulnerability in Windows Mail and Windows ...) NOT-FOR-US: Microsoft Windows CVE-2011-2015 - RESERVED + REJECTED CVE-2011-2014 (The LDAP over SSL (aka LDAPS) implementation in Active Directory, ...) NOT-FOR-US: Microsoft Windows CVE-2011-2013 (Integer overflow in the TCP/IP implementation in Microsoft Windows ...) @@ -8833,7 +8833,7 @@ CVE-2011-2008 (Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, CVE-2011-2007 (Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and ...) NOT-FOR-US: Microsoft Host Integration Server CVE-2011-2006 - RESERVED + REJECTED CVE-2011-2005 (afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 ...) NOT-FOR-US: Microsoft Windows CVE-2011-2004 (Array index error in win32k.sys in the kernel-mode drivers in ...) @@ -8857,7 +8857,7 @@ CVE-2011-1996 (Microsoft Internet Explorer 6 through 8 does not properly handle CVE-2011-1995 (Microsoft Internet Explorer 6 through 9 does not properly handle ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1994 - RESERVED + REJECTED CVE-2011-1993 (Microsoft Internet Explorer 6 through 9 does not properly handle ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1992 (The XSS Filter in Microsoft Internet Explorer 8 allows remote ...) @@ -8883,7 +8883,7 @@ CVE-2011-1983 (Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3 CVE-2011-1982 (Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize ...) NOT-FOR-US: Microsoft Office CVE-2011-1981 - RESERVED + REJECTED CVE-2011-1980 (Untrusted search path vulnerability in Microsoft Office 2003 SP3 and ...) NOT-FOR-US: Microsoft Office CVE-2011-1979 (Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate ...) @@ -8899,7 +8899,7 @@ CVE-2011-1975 (Untrusted search path vulnerability in the Data Access Tracing .. CVE-2011-1974 (NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in ...) NOT-FOR-US: Microsoft Windows CVE-2011-1973 - RESERVED + REJECTED CVE-2011-1972 (Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not ...) NOT-FOR-US: Microsoft Visio CVE-2011-1971 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, ...) @@ -10797,7 +10797,7 @@ CVE-2011-1261 (Microsoft Internet Explorer 6 through 9 does not properly handle CVE-2011-1260 (Microsoft Internet Explorer 8 and 9 does not properly handle objects ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1259 - RESERVED + REJECTED CVE-2011-1258 (Microsoft Internet Explorer 6 through 8 does not properly restrict web ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1257 (Race condition in Microsoft Internet Explorer 6 through 8 allows ...) @@ -11972,7 +11972,7 @@ CVE-2011-0880 (Unspecified vulnerability in the Core RDBMS component in Oracle . CVE-2011-0879 (Unspecified vulnerability in the Instance Management component in ...) NOT-FOR-US: Oracle Database Server CVE-2011-0878 - RESERVED + REJECTED CVE-2011-0877 (Unspecified vulnerability in the Instance Management component in ...) NOT-FOR-US: Oracle Database Server CVE-2011-0876 (Unspecified vulnerability in the Enterprise Manager Console component ...) @@ -11980,7 +11980,7 @@ CVE-2011-0876 (Unspecified vulnerability in the Enterprise Manager Console compo CVE-2011-0875 (Unspecified vulnerability in the EMCTL component in Oracle Database ...) NOT-FOR-US: Oracle Database Server CVE-2011-0874 - RESERVED + REJECTED CVE-2011-0873 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) [lenny] - sun-java6 6.26-0lenny1 [squeeze] - sun-java6 6.26-0squeeze1 @@ -12078,7 +12078,7 @@ CVE-2011-0844 (Unspecified vulnerability in the OpenSSO Enterprise and Sun Java CVE-2011-0843 (Unspecified vulnerability in the Siebel CRM Core component in Oracle ...) NOT-FOR-US: Oracle Siebel CRM CVE-2011-0842 - RESERVED + REJECTED CVE-2011-0841 (Unspecified vulnerability in Oracle Solaris 11 Express allows remote ...) NOT-FOR-US: Oracle Solaris CVE-2011-0840 (Unspecified vulnerability in Oracle PeopleSoft Enterprise PeopleTools ...) @@ -12545,7 +12545,7 @@ CVE-2011-0671 (Use-after-free vulnerability in win32k.sys in the kernel-mode dri CVE-2011-0670 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2011-0669 - RESERVED + REJECTED CVE-2011-0668 RESERVED CVE-2011-0667 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) @@ -12565,7 +12565,7 @@ CVE-2011-0661 (The SMB Server service in Microsoft Windows XP SP2 and SP3, Windo CVE-2011-0660 (The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server ...) NOT-FOR-US: Microsoft Windows CVE-2011-0659 - RESERVED + REJECTED CVE-2011-0658 (Integer underflow in the OLE Automation protocol implementation in ...) NOT-FOR-US: Microsoft Windows CVE-2011-0657 (DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, ...) @@ -12656,9 +12656,9 @@ CVE-2011-0619 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux CVE-2011-0618 (Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0617 - RESERVED + REJECTED CVE-2011-0616 - RESERVED + REJECTED CVE-2011-0615 (Multiple buffer overflows in Adobe Audition 3.0.1 and earlier allow ...) NOT-FOR-US: Adobe Audition CVE-2011-0614 (Buffer overflow in Adobe Audition 3.0.1 and earlier allows remote ...) @@ -12688,7 +12688,7 @@ CVE-2011-0603 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, an CVE-2011-0602 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) NOT-FOR-US: Adobe Reader CVE-2011-0601 - RESERVED + REJECTED CVE-2011-0600 (The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x ...) NOT-FOR-US: Adobe Reader CVE-2011-0599 (The Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat ...) @@ -12696,7 +12696,7 @@ CVE-2011-0599 (The Bitmap parsing component in rt3d.dll in Adobe Reader and Acro CVE-2011-0598 (Integer overflow in ACE.dll in Adobe Reader and Acrobat 10.x before ...) NOT-FOR-US: Adobe Reader CVE-2011-0597 - RESERVED + REJECTED CVE-2011-0596 (The Bitmap parsing component in 2d.dll in Adobe Reader and Acrobat ...) NOT-FOR-US: Adobe Reader CVE-2011-0595 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) @@ -12738,7 +12738,7 @@ CVE-2011-0578 (Adobe Flash Player before 10.2.152.26 allows attackers to execute CVE-2011-0577 (Unspecified vulnerability in Adobe Flash Player before 10.2.152.26 ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0576 - RESERVED + REJECTED CVE-2011-0575 (Untrusted search path vulnerability in Adobe Flash Player before ...) NOT-FOR-US: Adobe Flash Player CVE-2011-0574 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...) @@ -13834,15 +13834,15 @@ CVE-2011-0112 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows .. CVE-2011-0111 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0110 - RESERVED + REJECTED CVE-2011-0109 - RESERVED + REJECTED CVE-2011-0108 - RESERVED + REJECTED CVE-2011-0107 (Untrusted search path vulnerability in Microsoft Office XP SP3, Office ...) NOT-FOR-US: Microsoft Office CVE-2011-0106 - RESERVED + REJECTED CVE-2011-0105 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML ...) NOT-FOR-US: Microsoft Excel CVE-2011-0104 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, ...) @@ -13850,13 +13850,13 @@ CVE-2011-0104 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for M CVE-2011-0103 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, ...) NOT-FOR-US: Microsoft Excel CVE-2011-0102 - RESERVED + REJECTED CVE-2011-0101 (Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Microsoft Excel CVE-2011-0100 - RESERVED + REJECTED CVE-2011-0099 - RESERVED + REJECTED CVE-2011-0098 (Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 ...) NOT-FOR-US: Microsoft Excel CVE-2011-0097 (Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and ...) @@ -13864,7 +13864,7 @@ CVE-2011-0097 (Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2 CVE-2011-0096 (The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, ...) NOT-FOR-US: Microsoft mhtml CVE-2011-0095 - RESERVED + REJECTED CVE-2011-0094 (Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-0093 (ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does ...) @@ -14069,7 +14069,7 @@ CVE-2011-0061 (Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbi - xulrunner <not-affected> (Only affects Firefox 3.6, not yet in unstable) - iceweasel <not-affected> (Only affects Firefox 3.6, not yet in unstable) CVE-2011-0060 - RESERVED + REJECTED CVE-2011-0059 (Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox ...) {DSA-2187-1 DSA-2186-1 DSA-2180-1} - icedove 3.0.11-2 @@ -14169,7 +14169,7 @@ CVE-2011-0046 (Multiple cross-site request forgery (CSRF) vulnerabilities in Bug CVE-2011-0045 (The Trace Events functionality in the kernel in Microsoft Windows XP ...) NOT-FOR-US: Microsoft Windows CVE-2011-0044 - RESERVED + REJECTED CVE-2011-0043 (Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 ...) NOT-FOR-US: Microsoft Windows CVE-2011-0042 (SBE.dll in the Stream Buffer Engine in Windows Media Player and ...) diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 008c2291ac..3d9ea8dec4 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -741,47 +741,47 @@ CVE-2012-6423 CVE-2012-6422 (The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly ...) NOT-FOR-US: Android kernel CVE-2012-6421 - RESERVED + REJECTED CVE-2012-6420 - RESERVED + REJECTED CVE-2012-6419 - RESERVED + REJECTED CVE-2012-6418 - RESERVED + REJECTED CVE-2012-6417 - RESERVED + REJECTED CVE-2012-6416 - RESERVED + REJECTED CVE-2012-6415 - RESERVED + REJECTED CVE-2012-6414 - RESERVED + REJECTED CVE-2012-6413 - RESERVED + REJECTED CVE-2012-6412 - RESERVED + REJECTED CVE-2012-6411 - RESERVED + REJECTED CVE-2012-6410 - RESERVED + REJECTED CVE-2012-6409 - RESERVED + REJECTED CVE-2012-6408 - RESERVED + REJECTED CVE-2012-6407 - RESERVED + REJECTED CVE-2012-6406 - RESERVED + REJECTED CVE-2012-6405 - RESERVED + REJECTED CVE-2012-6404 - RESERVED + REJECTED CVE-2012-6403 - RESERVED + REJECTED CVE-2012-6402 - RESERVED + REJECTED CVE-2012-6401 - RESERVED + REJECTED CVE-2012-6400 RESERVED CVE-2012-6399 (Cisco WebEx 4.1 on iOS does not verify that the server hostname ...) @@ -847,19 +847,19 @@ CVE-2012-6370 CVE-2012-6369 (Cross-site scripting (XSS) vulnerability in the Troubleshooting ...) NOT-FOR-US: AgileBits 1Password CVE-2012-6368 - RESERVED + REJECTED CVE-2012-6367 - RESERVED + REJECTED CVE-2012-6366 - RESERVED + REJECTED CVE-2012-6365 - RESERVED + REJECTED CVE-2012-6364 - RESERVED + REJECTED CVE-2012-6363 - RESERVED + REJECTED CVE-2012-6362 - RESERVED + REJECTED CVE-2012-6361 RESERVED CVE-2012-6360 (Cross-site scripting (XSS) vulnerability in IBM Intelligent Operations ...) @@ -932,9 +932,9 @@ CVE-2012-6329 (The _compile function in Maketext.pm in the Locale::Maketext ...) [squeeze] - perl 5.10.1-17squeeze5 - foswiki <itp> (bug #509864) CVE-2012-6328 - RESERVED + REJECTED CVE-2012-6327 - RESERVED + REJECTED CVE-2012-6326 (VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and ...) NOT-FOR-US: vCenter CVE-2012-6325 (VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not ...) @@ -1014,29 +1014,29 @@ CVE-2012-6291 CVE-2012-6290 (SQL injection vulnerability in ImageCMS before 4.2 allows remote ...) NOT-FOR-US: ImageCMS CVE-2012-6289 - RESERVED + REJECTED CVE-2012-6288 - RESERVED + REJECTED CVE-2012-6287 - RESERVED + REJECTED CVE-2012-6286 - RESERVED + REJECTED CVE-2012-6285 - RESERVED + REJECTED CVE-2012-6284 - RESERVED + REJECTED CVE-2012-6283 - RESERVED + REJECTED CVE-2012-6282 - RESERVED + REJECTED CVE-2012-6281 - RESERVED + REJECTED CVE-2012-6280 - RESERVED + REJECTED CVE-2012-6279 - RESERVED + REJECTED CVE-2012-6278 - RESERVED + REJECTED CVE-2012-6277 RESERVED CVE-2012-6276 (Directory traversal vulnerability in the web-based management ...) @@ -1054,229 +1054,229 @@ CVE-2012-6271 (Adobe Shockwave Player through 11.6.8.638 allows remote attackers CVE-2012-6270 (Adobe Shockwave Player through 11.6.8.638 allows remote attackers to ...) NOT-FOR-US: Adobe Shockwave CVE-2012-6269 - RESERVED + REJECTED CVE-2012-6268 - RESERVED + REJECTED CVE-2012-6267 - RESERVED + REJECTED CVE-2012-6266 - RESERVED + REJECTED CVE-2012-6265 - RESERVED + REJECTED CVE-2012-6264 - RESERVED + REJECTED CVE-2012-6263 - RESERVED + REJECTED CVE-2012-6262 - RESERVED + REJECTED CVE-2012-6261 - RESERVED + REJECTED CVE-2012-6260 - RESERVED + REJECTED CVE-2012-6259 - RESERVED + REJECTED CVE-2012-6258 - RESERVED + REJECTED CVE-2012-6257 - RESERVED + REJECTED CVE-2012-6256 - RESERVED + REJECTED CVE-2012-6255 - RESERVED + REJECTED CVE-2012-6254 - RESERVED + REJECTED CVE-2012-6253 - RESERVED + REJECTED CVE-2012-6252 - RESERVED + REJECTED CVE-2012-6251 - RESERVED + REJECTED CVE-2012-6250 - RESERVED + REJECTED CVE-2012-6249 - RESERVED + REJECTED CVE-2012-6248 - RESERVED + REJECTED CVE-2012-6247 - RESERVED + REJECTED CVE-2012-6246 - RESERVED + REJECTED CVE-2012-6245 - RESERVED + REJECTED CVE-2012-6244 - RESERVED + REJECTED CVE-2012-6243 - RESERVED + REJECTED CVE-2012-6242 - RESERVED + REJECTED CVE-2012-6241 - RESERVED + REJECTED CVE-2012-6240 - RESERVED + REJECTED CVE-2012-6239 - RESERVED + REJECTED CVE-2012-6238 - RESERVED + REJECTED CVE-2012-6237 - RESERVED + REJECTED CVE-2012-6236 - RESERVED + REJECTED CVE-2012-6235 - RESERVED + REJECTED CVE-2012-6234 - RESERVED + REJECTED CVE-2012-6233 - RESERVED + REJECTED CVE-2012-6232 - RESERVED + REJECTED CVE-2012-6231 - RESERVED + REJECTED CVE-2012-6230 - RESERVED + REJECTED CVE-2012-6229 - RESERVED + REJECTED CVE-2012-6228 - RESERVED + REJECTED CVE-2012-6227 - RESERVED + REJECTED CVE-2012-6226 - RESERVED + REJECTED CVE-2012-6225 - RESERVED + REJECTED CVE-2012-6224 - RESERVED + REJECTED CVE-2012-6223 - RESERVED + REJECTED CVE-2012-6222 - RESERVED + REJECTED CVE-2012-6221 - RESERVED + REJECTED CVE-2012-6220 - RESERVED + REJECTED CVE-2012-6219 - RESERVED + REJECTED CVE-2012-6218 - RESERVED + REJECTED CVE-2012-6217 - RESERVED + REJECTED CVE-2012-6216 - RESERVED + REJECTED CVE-2012-6215 - RESERVED + REJECTED CVE-2012-6214 - RESERVED + REJECTED CVE-2012-6213 - RESERVED + REJECTED CVE-2012-6212 - RESERVED + REJECTED CVE-2012-6211 - RESERVED + REJECTED CVE-2012-6210 - RESERVED + REJECTED CVE-2012-6209 - RESERVED + REJECTED CVE-2012-6208 - RESERVED + REJECTED CVE-2012-6207 - RESERVED + REJECTED CVE-2012-6206 - RESERVED + REJECTED CVE-2012-6205 - RESERVED + REJECTED CVE-2012-6204 - RESERVED + REJECTED CVE-2012-6203 - RESERVED + REJECTED CVE-2012-6202 - RESERVED + REJECTED CVE-2012-6201 - RESERVED + REJECTED CVE-2012-6200 - RESERVED + REJECTED CVE-2012-6199 - RESERVED + REJECTED CVE-2012-6198 - RESERVED + REJECTED CVE-2012-6197 - RESERVED + REJECTED CVE-2012-6196 - RESERVED + REJECTED CVE-2012-6195 - RESERVED + REJECTED CVE-2012-6194 - RESERVED + REJECTED CVE-2012-6193 - RESERVED + REJECTED CVE-2012-6192 - RESERVED + REJECTED CVE-2012-6191 - RESERVED + REJECTED CVE-2012-6190 - RESERVED + REJECTED CVE-2012-6189 - RESERVED + REJECTED CVE-2012-6188 - RESERVED + REJECTED CVE-2012-6187 - RESERVED + REJECTED CVE-2012-6186 - RESERVED + REJECTED CVE-2012-6185 - RESERVED + REJECTED CVE-2012-6184 - RESERVED + REJECTED CVE-2012-6183 - RESERVED + REJECTED CVE-2012-6182 - RESERVED + REJECTED CVE-2012-6181 - RESERVED + REJECTED CVE-2012-6180 - RESERVED + REJECTED CVE-2012-6179 - RESERVED + REJECTED CVE-2012-6178 - RESERVED + REJECTED CVE-2012-6177 - RESERVED + REJECTED CVE-2012-6176 - RESERVED + REJECTED CVE-2012-6175 - RESERVED + REJECTED CVE-2012-6174 - RESERVED + REJECTED CVE-2012-6173 - RESERVED + REJECTED CVE-2012-6172 - RESERVED + REJECTED CVE-2012-6171 - RESERVED + REJECTED CVE-2012-6170 - RESERVED + REJECTED CVE-2012-6169 - RESERVED + REJECTED CVE-2012-6168 - RESERVED + REJECTED CVE-2012-6167 - RESERVED + REJECTED CVE-2012-6166 - RESERVED + REJECTED CVE-2012-6165 - RESERVED + REJECTED CVE-2012-6164 - RESERVED + REJECTED CVE-2012-6163 - RESERVED + REJECTED CVE-2012-6162 - RESERVED + REJECTED CVE-2012-6161 - RESERVED + REJECTED CVE-2012-6160 - RESERVED + REJECTED CVE-2012-6159 - RESERVED + REJECTED CVE-2012-6158 - RESERVED + REJECTED CVE-2012-6157 RESERVED CVE-2012-6156 @@ -2157,15 +2157,15 @@ CVE-2012-5854 (Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows [wheezy] - weechat 0.3.8-1+deb7u1 [squeeze] - weechat <not-affected> (Vulnerable code not present) CVE-2012-5848 - RESERVED + REJECTED CVE-2012-5847 - RESERVED + REJECTED CVE-2012-5846 - RESERVED + REJECTED CVE-2012-5845 - RESERVED + REJECTED CVE-2012-5844 - RESERVED + REJECTED - openjdk-6 <not-affected> (JavaFX not part of OpenJDK) - openjdk-7 <not-affected> (JavaFX not part of OpenJDK) CVE-2012-5843 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) @@ -2216,7 +2216,7 @@ CVE-2012-5835 (Integer overflow in the WebGL subsystem in Mozilla Firefox before [squeeze] - icedove <not-affected> (Vulnerable code not present) [squeeze] - iceape <not-affected> (Vulnerable code not present) CVE-2012-5834 - RESERVED + REJECTED CVE-2012-5833 (The texImage2D implementation in the WebGL subsystem in Mozilla ...) - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 @@ -2225,9 +2225,9 @@ CVE-2012-5833 (The texImage2D implementation in the WebGL subsystem in Mozilla . [squeeze] - icedove <not-affected> (Vulnerable code not present) [squeeze] - iceape <not-affected> (Vulnerable code not present) CVE-2012-5832 - RESERVED + REJECTED CVE-2012-5831 - RESERVED + REJECTED CVE-2012-5830 (Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ...) - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 @@ -2357,15 +2357,15 @@ CVE-2012-5777 (Eval injection vulnerability in the ReplaceListVars function in t CVE-2012-5776 RESERVED CVE-2012-5775 - RESERVED + REJECTED CVE-2012-5774 - RESERVED + REJECTED CVE-2012-5773 - RESERVED + REJECTED CVE-2012-5772 - RESERVED + REJECTED CVE-2012-5771 - RESERVED + REJECTED CVE-2012-5770 (The SSL configuration in IBM Tivoli Application Dependency Discovery ...) NOT-FOR-US: IBM CVE-2012-5769 (IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 ...) @@ -2549,9 +2549,9 @@ CVE-2012-5684 (Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and ear CVE-2012-5683 (Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel ...) NOT-FOR-US: ZPanel CVE-2012-5682 - RESERVED + REJECTED CVE-2012-5681 - RESERVED + REJECTED CVE-2012-5680 (Buffer overflow in Adobe Photoshop Camera Raw before 7.3 allows ...) NOT-FOR-US: Adobe Photoshop Camera Raw CVE-2012-5679 (Buffer underflow in Adobe Photoshop Camera Raw before 7.3 allows ...) @@ -3601,13 +3601,13 @@ CVE-2012-5286 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x CVE-2012-5285 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5284 - RESERVED + REJECTED CVE-2012-5283 - RESERVED + REJECTED CVE-2012-5282 - RESERVED + REJECTED CVE-2012-5281 - RESERVED + REJECTED CVE-2012-5280 (Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5279 (Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on ...) @@ -4651,77 +4651,77 @@ CVE-2012-4815 CVE-2012-4814 RESERVED CVE-2012-4813 - RESERVED + REJECTED CVE-2012-4812 - RESERVED + REJECTED CVE-2012-4811 - RESERVED + REJECTED CVE-2012-4810 - RESERVED + REJECTED CVE-2012-4809 - RESERVED + REJECTED CVE-2012-4808 - RESERVED + REJECTED CVE-2012-4807 - RESERVED + REJECTED CVE-2012-4806 - RESERVED + REJECTED CVE-2012-4805 - RESERVED + REJECTED CVE-2012-4804 - RESERVED + REJECTED CVE-2012-4803 - RESERVED + REJECTED CVE-2012-4802 - RESERVED + REJECTED CVE-2012-4801 - RESERVED + REJECTED CVE-2012-4800 - RESERVED + REJECTED CVE-2012-4799 - RESERVED + REJECTED CVE-2012-4798 - RESERVED + REJECTED CVE-2012-4797 - RESERVED + REJECTED CVE-2012-4796 - RESERVED + REJECTED CVE-2012-4795 - RESERVED + REJECTED CVE-2012-4794 - RESERVED + REJECTED CVE-2012-4793 - RESERVED + REJECTED CVE-2012-4792 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2012-4791 (Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote ...) NOT-FOR-US: Microsoft Exchange Server CVE-2012-4790 - RESERVED + REJECTED CVE-2012-4789 - RESERVED + REJECTED CVE-2012-4788 - RESERVED + REJECTED CVE-2012-4787 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2012-4786 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows ...) NOT-FOR-US: Microsoft Windows CVE-2012-4785 - RESERVED + REJECTED CVE-2012-4784 - RESERVED + REJECTED CVE-2012-4783 - RESERVED + REJECTED CVE-2012-4782 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2012-4781 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2012-4780 - RESERVED + REJECTED CVE-2012-4779 - RESERVED + REJECTED CVE-2012-4778 - RESERVED + REJECTED CVE-2012-4777 (The code-optimization feature in the reflection implementation in ...) NOT-FOR-US: Microsoft .NET Framework CVE-2012-4776 (The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET ...) @@ -6179,7 +6179,7 @@ CVE-2012-4212 (Use-after-free vulnerability in the XPCWrappedNative::Mark functi - iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental) - icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental) CVE-2012-4211 - RESERVED + REJECTED CVE-2012-4210 (The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR ...) - iceweasel 10.0.11esr-1 [squeeze] - iceweasel <not-affected> (Vulnerable code not present) @@ -6354,7 +6354,7 @@ CVE-2012-4171 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.26 CVE-2012-4170 (Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows ...) NOT-FOR-US: Adobe Photoshop CS6 CVE-2012-4169 - RESERVED + REJECTED CVE-2012-4168 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...) NOT-FOR-US: Adobe Flash CVE-2012-4167 (Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x ...) @@ -6420,51 +6420,51 @@ CVE-2012-XXXX [insecure default configuration / authentication bypass] CVE-2012-4141 (Directory traversal vulnerability in the CLI parser in Cisco NX-OS ...) NOT-FOR-US: Cisco CVE-2012-4140 - RESERVED + REJECTED CVE-2012-4139 - RESERVED + REJECTED CVE-2012-4138 - RESERVED + REJECTED CVE-2012-4137 - RESERVED + REJECTED CVE-2012-4136 (The high-availability service in the Fabric Interconnect component in ...) NOT-FOR-US: Cisco CVE-2012-4135 (Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and ...) NOT-FOR-US: Cisco CVE-2012-4134 - RESERVED + REJECTED CVE-2012-4133 - RESERVED + REJECTED CVE-2012-4132 - RESERVED + REJECTED CVE-2012-4131 (Directory traversal vulnerability in tar in Cisco NX-OS allows local ...) NOT-FOR-US: Cisco CVE-2012-4130 - RESERVED + REJECTED CVE-2012-4129 - RESERVED + REJECTED CVE-2012-4128 - RESERVED + REJECTED CVE-2012-4127 - RESERVED + REJECTED CVE-2012-4126 - RESERVED + REJECTED CVE-2012-4125 - RESERVED + REJECTED CVE-2012-4124 - RESERVED + REJECTED CVE-2012-4123 - RESERVED + REJECTED CVE-2012-4122 (The CLI parser in Cisco NX-OS allows local users to bypass intended ...) NOT-FOR-US: Cisco CVE-2012-4121 (Cisco NX-OS allows local users to gain privileges, and read or modify ...) NOT-FOR-US: Cisco CVE-2012-4120 - RESERVED + REJECTED CVE-2012-4119 - RESERVED + REJECTED CVE-2012-4118 - RESERVED + REJECTED CVE-2012-4117 (The fabric-interconnect component in Cisco Unified Computing System ...) NOT-FOR-US: Cisco CVE-2012-4116 (The fabric-interconnect component in Cisco Unified Computing System ...) @@ -6498,9 +6498,9 @@ CVE-2012-4103 (ethanalyzer in the fabric-interconnect component in Cisco Unified CVE-2012-4102 (The activate firmware command in the fabric-interconnect component in ...) NOT-FOR-US: Cisco CVE-2012-4101 - RESERVED + REJECTED CVE-2012-4100 - RESERVED + REJECTED CVE-2012-4099 (The BGP implementation in Cisco NX-OS does not properly filter AS ...) NOT-FOR-US: Cisco CVE-2012-4098 (The BGP implementation in Cisco NX-OS does not properly filter AS ...) @@ -6540,7 +6540,7 @@ CVE-2012-4082 (MCTools in the Cisco Management Controller in Cisco Unified Compu CVE-2012-4081 (MCServer in the Cisco Management Controller in Cisco Unified Computing ...) NOT-FOR-US: Cisco CVE-2012-4080 - RESERVED + REJECTED CVE-2012-4079 (The XML API service in the Fabric Interconnect component in Cisco ...) NOT-FOR-US: Cisco Unified Computing System CVE-2012-4078 (The Baseboard Management Controller (BMC) in Cisco Unified Computing ...) @@ -7709,7 +7709,7 @@ CVE-2012-3585 (Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS CVE-2012-3584 RESERVED CVE-2012-3583 - RESERVED + REJECTED CVE-2012-3582 (Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly ...) NOT-FOR-US: Symantec PGP Universal Server CVE-2012-3581 (Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers ...) @@ -8628,7 +8628,7 @@ CVE-2012-3267 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.2 CVE-2012-3266 (Unspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on HP IBRIX ...) NOT-FOR-US: HP IBRIX CVE-2012-3265 - RESERVED + REJECTED CVE-2012-3264 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 ...) NOT-FOR-US: HP SiteScope CVE-2012-3263 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 ...) @@ -8986,7 +8986,7 @@ CVE-2012-3105 (The glBufferData function in the WebGL implementation in Mozilla - iceweasel 10.0.5esr-1 [squeeze] - iceweasel <not-affected> (Vulnerable code not present) CVE-2012-3104 - RESERVED + REJECTED CVE-2012-3103 RESERVED CVE-2012-3102 @@ -10340,9 +10340,9 @@ CVE-2012-2557 (Use-after-free vulnerability in Microsoft Internet Explorer 6 thr CVE-2012-2556 (The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft ...) NOT-FOR-US: Microsoft Windows CVE-2012-2555 - RESERVED + REJECTED CVE-2012-2554 - RESERVED + REJECTED CVE-2012-2553 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2012-2552 (Cross-site scripting (XSS) vulnerability in the SQL Server Report ...) @@ -10356,35 +10356,35 @@ CVE-2012-2549 (The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Serv CVE-2012-2548 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...) NOT-FOR-US: Internet Explorer CVE-2012-2547 - RESERVED + REJECTED CVE-2012-2546 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...) NOT-FOR-US: Internet Explorer CVE-2012-2545 - RESERVED + REJECTED CVE-2012-2544 - RESERVED + REJECTED CVE-2012-2543 (Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and ...) NOT-FOR-US: Microsoft Excel CVE-2012-2542 - RESERVED + REJECTED CVE-2012-2541 - RESERVED + REJECTED CVE-2012-2540 - RESERVED + REJECTED CVE-2012-2539 (Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; ...) NOT-FOR-US: Microsoft Office CVE-2012-2538 - RESERVED + REJECTED CVE-2012-2537 - RESERVED + REJECTED CVE-2012-2536 (Cross-site scripting (XSS) vulnerability in Microsoft Systems ...) NOT-FOR-US: Microsoft Systems Management Server CVE-2012-2535 - RESERVED + REJECTED CVE-2012-2534 - RESERVED + REJECTED CVE-2012-2533 - RESERVED + REJECTED CVE-2012-2532 (Microsoft FTP Service 7.0 and 7.5 for Internet Information Services ...) NOT-FOR-US: Microsoft FTP Service CVE-2012-2531 (Microsoft Internet Information Services (IIS) 7.5 uses weak ...) @@ -10400,7 +10400,7 @@ CVE-2012-2527 (Use-after-free vulnerability in win32k.sys in the kernel-mode dri CVE-2012-2526 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...) NOT-FOR-US: Microsoft Windows CVE-2012-2525 - RESERVED + REJECTED CVE-2012-2524 (Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers ...) NOT-FOR-US: Microsoft Office CVE-2012-2523 (Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, ...) @@ -10414,7 +10414,7 @@ CVE-2012-2520 (Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 20 CVE-2012-2519 (Untrusted search path vulnerability in Entity Framework in ADO.NET in ...) NOT-FOR-US: Microsoft .NET framework CVE-2012-2518 - RESERVED + REJECTED CVE-2012-2517 RESERVED CVE-2012-2516 (An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the ...) @@ -10982,7 +10982,7 @@ CVE-2012-2297 (Multiple cross-site scripting (XSS) vulnerabilities in the Creati CVE-2012-2296 (The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x ...) NOT-FOR-US: Drupal addon not packaged CVE-2012-2295 - RESERVED + REJECTED CVE-2012-2294 (EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before ...) NOT-FOR-US: EMC RSA Archer CVE-2012-2293 (Directory traversal vulnerability in EMC RSA Archer SmartSuite ...) @@ -11065,7 +11065,7 @@ CVE-2012-2256 CVE-2012-2255 REJECTED CVE-2012-2254 - RESERVED + REJECTED CVE-2012-2253 (Cross-site scripting (XSS) vulnerability in group/members.php in ...) {DSA-2591-1} - mahara 1.5.1-3.1 (bug #695789) @@ -11100,7 +11100,7 @@ CVE-2012-2246 (Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote .. NOTE: https://mahara.org/interaction/forum/topic.php?id=493 NOTE: https://bugs.launchpad.net/mahara/+bug/1057240 CVE-2012-2245 - RESERVED + REJECTED CVE-2012-2244 (Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote ...) {DSA-2591-1} - mahara 1.5.1-3 @@ -12061,9 +12061,9 @@ CVE-2012-1886 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel . CVE-2012-1885 (Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and ...) NOT-FOR-US: Microsoft Excel CVE-2012-1884 - RESERVED + REJECTED CVE-2012-1883 - RESERVED + REJECTED CVE-2012-1882 (Microsoft Internet Explorer 6 through 9 does not block cross-domain ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2012-1881 (Microsoft Internet Explorer 8 and 9 does not properly handle objects ...) @@ -12087,11 +12087,11 @@ CVE-2012-1873 (Microsoft Internet Explorer 7 through 9 does not properly create CVE-2012-1872 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2012-1871 - RESERVED + REJECTED CVE-2012-1870 (The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 ...) NOT-FOR-US: Microsoft Windows XP CVE-2012-1869 - RESERVED + REJECTED CVE-2012-1868 (Race condition in the thread-creation implementation in win32k.sys in ...) NOT-FOR-US: Microsoft Windows XP CVE-2012-1867 (Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...) @@ -14147,25 +14147,25 @@ CVE-2012-0974 (Multiple cross-site scripting (XSS) vulnerabilities in the getPar CVE-2012-0973 (Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow ...) NOT-FOR-US: OSClass CVE-2012-0972 - RESERVED + REJECTED CVE-2012-0971 - RESERVED + REJECTED CVE-2012-0970 - RESERVED + REJECTED CVE-2012-0969 - RESERVED + REJECTED CVE-2012-0968 - RESERVED + REJECTED CVE-2012-0967 - RESERVED + REJECTED CVE-2012-0966 - RESERVED + REJECTED CVE-2012-0965 - RESERVED + REJECTED CVE-2012-0964 - RESERVED + REJECTED CVE-2012-0963 - RESERVED + REJECTED CVE-2012-0962 (Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when ...) - aptdaemon 0.45-2 (low) [squeeze] - aptdaemon <not-affected> (Vulnerable code not present) @@ -15645,13 +15645,13 @@ CVE-2012-0410 (Directory traversal vulnerability in WebAccess in Novell GroupWis CVE-2012-0409 (Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before ...) NOT-FOR-US: EMC CVE-2012-0408 - RESERVED + REJECTED CVE-2012-0407 (Integer overflow in the DPA_Utilities library in EMC Data Protection ...) NOT-FOR-US: emc.com Data Protection Advisor CVE-2012-0406 (The DPA_Utilities.cProcessAuthenticationData function in EMC Data ...) NOT-FOR-US: emc.com Data Protection Advisor CVE-2012-0405 - RESERVED + REJECTED CVE-2012-0404 (Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom ...) NOT-FOR-US: EMC Documentum eRoom CVE-2012-0403 (Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 ...) @@ -16178,7 +16178,7 @@ CVE-2012-0168 (Microsoft Internet Explorer 6 through 9 allows user-assisted remo CVE-2012-0167 (Heap-based buffer overflow in the Office GDI+ library in Microsoft ...) NOT-FOR-US: Microsoft Windows CVE-2012-0166 - RESERVED + REJECTED CVE-2012-0165 (GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office ...) NOT-FOR-US: Microsoft Windows CVE-2012-0164 (Microsoft .NET Framework 4 does not properly compare index values, ...) @@ -16204,7 +16204,7 @@ CVE-2012-0155 (Microsoft Internet Explorer 9 does not properly handle objects in CVE-2012-0154 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft CVE-2012-0153 - RESERVED + REJECTED NOT-FOR-US: Microsoft CVE-2012-0152 (The Remote Desktop Protocol (RDP) service in Microsoft Windows Server ...) NOT-FOR-US: Microsoft Windows @@ -16231,10 +16231,10 @@ CVE-2012-0142 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 CVE-2012-0141 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; ...) NOT-FOR-US: Microsoft CVE-2012-0140 - RESERVED + REJECTED NOT-FOR-US: Microsoft CVE-2012-0139 - RESERVED + REJECTED NOT-FOR-US: Microsoft CVE-2012-0138 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle ...) NOT-FOR-US: Microsoft diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 579a98119f..873623476e 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -885,17 +885,17 @@ CVE-2013-7171 CVE-2013-7170 RESERVED CVE-2013-7169 - RESERVED + REJECTED CVE-2013-7168 - RESERVED + REJECTED CVE-2013-7167 - RESERVED + REJECTED CVE-2013-7166 - RESERVED + REJECTED CVE-2013-7165 - RESERVED + REJECTED CVE-2013-7164 - RESERVED + REJECTED CVE-2013-7163 RESERVED CVE-2013-7162 @@ -984,13 +984,13 @@ CVE-2013-7187 (SQL injection vulnerability in form.php in the FormCraft plugin 1 CVE-2013-7149 (SQL injection vulnerability in www/delivery/axmlrpc.php (aka the ...) NOT-FOR-US: Revive Adserver CVE-2013-7148 - RESERVED + REJECTED CVE-2013-7147 - RESERVED + REJECTED CVE-2013-7146 - RESERVED + REJECTED CVE-2013-7145 - RESERVED + REJECTED CVE-2013-7144 (LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X ...) NOT-FOR-US: LINE CVE-2013-7143 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...) @@ -1033,29 +1033,29 @@ CVE-2013-7128 (Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in CVE-2013-7127 (Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext ...) NOT-FOR-US: Apple Safari CVE-2013-7126 - RESERVED + REJECTED CVE-2013-7125 - RESERVED + REJECTED CVE-2013-7124 - RESERVED + REJECTED CVE-2013-7123 - RESERVED + REJECTED CVE-2013-7122 - RESERVED + REJECTED CVE-2013-7121 - RESERVED + REJECTED CVE-2013-7120 - RESERVED + REJECTED CVE-2013-7119 - RESERVED + REJECTED CVE-2013-7118 - RESERVED + REJECTED CVE-2013-7117 - RESERVED + REJECTED CVE-2013-7116 - RESERVED + REJECTED CVE-2013-7115 - RESERVED + REJECTED CVE-2013-7109 RESERVED CVE-2013-7105 (Buffer overflow in the Interstage HTTP Server log functionality, as ...) @@ -1996,29 +1996,29 @@ CVE-2013-6763 (The uio_mmap_physical function in drivers/uio/uio.c in the Linux NOTE: Red Hat consider this as a non-issue: NOTE: http://seclists.org/oss-sec/2013/q4/282 CVE-2013-6762 - RESERVED + REJECTED CVE-2013-6761 - RESERVED + REJECTED CVE-2013-6760 - RESERVED + REJECTED CVE-2013-6759 - RESERVED + REJECTED CVE-2013-6758 - RESERVED + REJECTED CVE-2013-6757 - RESERVED + REJECTED CVE-2013-6756 - RESERVED + REJECTED CVE-2013-6755 - RESERVED + REJECTED CVE-2013-6754 - RESERVED + REJECTED CVE-2013-6753 - RESERVED + REJECTED CVE-2013-6752 - RESERVED + REJECTED CVE-2013-6751 - RESERVED + REJECTED CVE-2013-6750 RESERVED CVE-2013-6749 (Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr ...) @@ -2088,7 +2088,7 @@ CVE-2013-6718 (The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, CVE-2013-6717 (The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 ...) NOT-FOR-US: IBM CVE-2013-6716 - RESERVED + REJECTED CVE-2013-6715 RESERVED CVE-2013-6714 (The FlashCopy Manager for VMware component in IBM Tivoli Storage ...) @@ -2162,17 +2162,17 @@ CVE-2013-6682 (The phone-proxy implementation in Cisco Adaptive Security Applian CVE-2013-6681 RESERVED CVE-2013-6680 - RESERVED + REJECTED CVE-2013-6679 - RESERVED + REJECTED CVE-2013-6678 - RESERVED + REJECTED CVE-2013-6677 - RESERVED + REJECTED CVE-2013-6676 - RESERVED + REJECTED CVE-2013-6675 - RESERVED + REJECTED CVE-2013-6674 (Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x ...) - icedove 24.2.0-1 [squeeze] - icedove <end-of-life> @@ -2450,225 +2450,225 @@ CVE-2013-6621 (Use-after-free vulnerability in Google Chrome before 31.0.1650.48 - chromium-browser 31.0.1650.57-1 [squeeze] - chromium-browser <end-of-life> CVE-2013-6616 - RESERVED + REJECTED CVE-2013-6615 - RESERVED + REJECTED CVE-2013-6614 - RESERVED + REJECTED CVE-2013-6613 - RESERVED + REJECTED CVE-2013-6612 - RESERVED + REJECTED CVE-2013-6611 - RESERVED + REJECTED CVE-2013-6610 - RESERVED + REJECTED CVE-2013-6609 - RESERVED + REJECTED CVE-2013-6608 - RESERVED + REJECTED CVE-2013-6607 - RESERVED + REJECTED CVE-2013-6606 - RESERVED + REJECTED CVE-2013-6605 - RESERVED + REJECTED CVE-2013-6604 - RESERVED + REJECTED CVE-2013-6603 - RESERVED + REJECTED CVE-2013-6602 - RESERVED + REJECTED CVE-2013-6601 - RESERVED + REJECTED CVE-2013-6600 - RESERVED + REJECTED CVE-2013-6599 - RESERVED + REJECTED CVE-2013-6598 - RESERVED + REJECTED CVE-2013-6597 - RESERVED + REJECTED CVE-2013-6596 - RESERVED + REJECTED CVE-2013-6595 - RESERVED + REJECTED CVE-2013-6594 - RESERVED + REJECTED CVE-2013-6593 - RESERVED + REJECTED CVE-2013-6592 - RESERVED + REJECTED CVE-2013-6591 - RESERVED + REJECTED CVE-2013-6590 - RESERVED + REJECTED CVE-2013-6589 - RESERVED + REJECTED CVE-2013-6588 - RESERVED + REJECTED CVE-2013-6587 - RESERVED + REJECTED CVE-2013-6586 - RESERVED + REJECTED CVE-2013-6585 - RESERVED + REJECTED CVE-2013-6584 - RESERVED + REJECTED CVE-2013-6583 - RESERVED + REJECTED CVE-2013-6582 - RESERVED + REJECTED CVE-2013-6581 - RESERVED + REJECTED CVE-2013-6580 - RESERVED + REJECTED CVE-2013-6579 - RESERVED + REJECTED CVE-2013-6578 - RESERVED + REJECTED CVE-2013-6577 - RESERVED + REJECTED CVE-2013-6576 - RESERVED + REJECTED CVE-2013-6575 - RESERVED + REJECTED CVE-2013-6574 - RESERVED + REJECTED CVE-2013-6573 - RESERVED + REJECTED CVE-2013-6572 - RESERVED + REJECTED CVE-2013-6571 - RESERVED + REJECTED CVE-2013-6570 - RESERVED + REJECTED CVE-2013-6569 - RESERVED + REJECTED CVE-2013-6568 - RESERVED + REJECTED CVE-2013-6567 - RESERVED + REJECTED CVE-2013-6566 - RESERVED + REJECTED CVE-2013-6565 - RESERVED + REJECTED CVE-2013-6564 - RESERVED + REJECTED CVE-2013-6563 - RESERVED + REJECTED CVE-2013-6562 - RESERVED + REJECTED CVE-2013-6561 - RESERVED + REJECTED CVE-2013-6560 - RESERVED + REJECTED CVE-2013-6559 - RESERVED + REJECTED CVE-2013-6558 - RESERVED + REJECTED CVE-2013-6557 - RESERVED + REJECTED CVE-2013-6556 - RESERVED + REJECTED CVE-2013-6555 - RESERVED + REJECTED CVE-2013-6554 - RESERVED + REJECTED CVE-2013-6553 - RESERVED + REJECTED CVE-2013-6552 - RESERVED + REJECTED CVE-2013-6551 - RESERVED + REJECTED CVE-2013-6550 - RESERVED + REJECTED CVE-2013-6549 - RESERVED + REJECTED CVE-2013-6548 - RESERVED + REJECTED CVE-2013-6547 - RESERVED + REJECTED CVE-2013-6546 - RESERVED + REJECTED CVE-2013-6545 - RESERVED + REJECTED CVE-2013-6544 - RESERVED + REJECTED CVE-2013-6543 - RESERVED + REJECTED CVE-2013-6542 - RESERVED + REJECTED CVE-2013-6541 - RESERVED + REJECTED CVE-2013-6540 - RESERVED + REJECTED CVE-2013-6539 - RESERVED + REJECTED CVE-2013-6538 - RESERVED + REJECTED CVE-2013-6537 - RESERVED + REJECTED CVE-2013-6536 - RESERVED + REJECTED CVE-2013-6535 - RESERVED + REJECTED CVE-2013-6534 - RESERVED + REJECTED CVE-2013-6533 - RESERVED + REJECTED CVE-2013-6532 - RESERVED + REJECTED CVE-2013-6531 - RESERVED + REJECTED CVE-2013-6530 - RESERVED + REJECTED CVE-2013-6529 - RESERVED + REJECTED CVE-2013-6528 - RESERVED + REJECTED CVE-2013-6527 - RESERVED + REJECTED CVE-2013-6526 - RESERVED + REJECTED CVE-2013-6525 - RESERVED + REJECTED CVE-2013-6524 - RESERVED + REJECTED CVE-2013-6523 - RESERVED + REJECTED CVE-2013-6522 - RESERVED + REJECTED CVE-2013-6521 - RESERVED + REJECTED CVE-2013-6520 - RESERVED + REJECTED CVE-2013-6519 - RESERVED + REJECTED CVE-2013-6518 - RESERVED + REJECTED CVE-2013-6517 - RESERVED + REJECTED CVE-2013-6516 - RESERVED + REJECTED CVE-2013-6515 - RESERVED + REJECTED CVE-2013-6514 - RESERVED + REJECTED CVE-2013-6513 - RESERVED + REJECTED CVE-2013-6512 - RESERVED + REJECTED CVE-2013-6511 - RESERVED + REJECTED CVE-2013-6510 - RESERVED + REJECTED CVE-2013-6509 - RESERVED + REJECTED CVE-2013-6508 - RESERVED + REJECTED CVE-2013-6507 - RESERVED + REJECTED CVE-2013-6506 RESERVED CVE-2013-6505 @@ -3447,45 +3447,45 @@ CVE-2013-6268 CVE-2013-6267 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline ...) NOT-FOR-US: Claroline CVE-2013-6266 - RESERVED + REJECTED CVE-2013-6265 - RESERVED + REJECTED CVE-2013-6264 - RESERVED + REJECTED CVE-2013-6263 - RESERVED + REJECTED CVE-2013-6262 - RESERVED + REJECTED CVE-2013-6261 - RESERVED + REJECTED CVE-2013-6260 - RESERVED + REJECTED CVE-2013-6259 - RESERVED + REJECTED CVE-2013-6258 - RESERVED + REJECTED CVE-2013-6257 - RESERVED + REJECTED CVE-2013-6256 - RESERVED + REJECTED CVE-2013-6255 - RESERVED + REJECTED CVE-2013-6254 - RESERVED + REJECTED CVE-2013-6253 - RESERVED + REJECTED CVE-2013-6252 - RESERVED + REJECTED CVE-2013-6251 - RESERVED + REJECTED CVE-2013-6250 - RESERVED + REJECTED CVE-2013-6249 - RESERVED + REJECTED CVE-2013-6248 - RESERVED + REJECTED CVE-2013-6247 - RESERVED + REJECTED CVE-2013-6246 (The Dell Quest One Password Manager, possibly 5.0, allows remote ...) NOT-FOR-US: Dell Quest One Password Manager CVE-2013-6245 (Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise ...) @@ -3559,7 +3559,7 @@ CVE-2013-6219 (Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) befo CVE-2013-6218 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, ...) NOT-FOR-US: HP CVE-2013-6217 - RESERVED + REJECTED CVE-2013-6216 (Unspecified vulnerability in HP Array Configuration Utility, Array ...) NOT-FOR-US: HP CVE-2013-6215 (Unspecified vulnerability in the Integration Service in HP Universal ...) @@ -3595,7 +3595,7 @@ CVE-2013-6201 (Unspecified vulnerability in HP Security Management System 3.3.0, CVE-2013-6200 (Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows ...) NOT-FOR-US: HP-UX CVE-2013-6199 - RESERVED + REJECTED CVE-2013-6198 (Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier ...) NOT-FOR-US: HP Service Manager WebTier and Windows Client CVE-2013-6197 (Unspecified vulnerability in HP Service Manager WebTier and Windows ...) @@ -3613,7 +3613,7 @@ CVE-2013-6192 (Cross-site request forgery (CSRF) vulnerability in HP Operations CVE-2013-6191 (Cross-site scripting (XSS) vulnerability in HP Operations ...) NOT-FOR-US: HP Operations Orchestration CVE-2013-6190 - RESERVED + REJECTED CVE-2013-6189 (Unspecified vulnerability in the Archive Query Server in HP ...) NOT-FOR-US: HP Application Information Optimizer CVE-2013-6188 (Cross-site request forgery (CSRF) vulnerability in HP System ...) @@ -3786,55 +3786,55 @@ CVE-2013-6106 CVE-2013-6105 RESERVED CVE-2013-6104 - RESERVED + REJECTED CVE-2013-6103 - RESERVED + REJECTED CVE-2013-6102 - RESERVED + REJECTED CVE-2013-6101 - RESERVED + REJECTED CVE-2013-6100 - RESERVED + REJECTED CVE-2013-6099 - RESERVED + REJECTED CVE-2013-6098 - RESERVED + REJECTED CVE-2013-6097 - RESERVED + REJECTED CVE-2013-6096 - RESERVED + REJECTED CVE-2013-6095 - RESERVED + REJECTED CVE-2013-6094 - RESERVED + REJECTED CVE-2013-6093 - RESERVED + REJECTED CVE-2013-6092 - RESERVED + REJECTED CVE-2013-6091 - RESERVED + REJECTED CVE-2013-6090 - RESERVED + REJECTED CVE-2013-6089 - RESERVED + REJECTED CVE-2013-6088 - RESERVED + REJECTED CVE-2013-6087 - RESERVED + REJECTED CVE-2013-6086 - RESERVED + REJECTED CVE-2013-6085 - RESERVED + REJECTED CVE-2013-6084 - RESERVED + REJECTED CVE-2013-6083 - RESERVED + REJECTED CVE-2013-6082 - RESERVED + REJECTED CVE-2013-6081 - RESERVED + REJECTED CVE-2013-6080 - RESERVED + REJECTED CVE-2013-6079 (Buffer overflow in MostGear Soft Easy LAN Folder Share 3.2.0.100 ...) NOT-FOR-US: MostGear Soft Easy LAN Folder Share CVE-2013-6078 (The default configuration of EMC RSA BSAFE Toolkits and RSA Data ...) @@ -4007,9 +4007,9 @@ CVE-2013-6010 (Cross-site scripting (XSS) vulnerability in the Comment Attachmen CVE-2013-6009 (CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, ...) NOT-FOR-US: Open-Xchange CVE-2013-6008 - RESERVED + REJECTED CVE-2013-6007 - RESERVED + REJECTED CVE-2013-6006 (Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass ...) NOT-FOR-US: Cybozu Garoon CVE-2013-6005 (Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 ...) @@ -4079,7 +4079,7 @@ CVE-2013-5976 (Cross-site scripting (XSS) vulnerability in the access policy log CVE-2013-5975 (The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 ...) NOT-FOR-US: F5 BIG-IP APM CVE-2013-5974 - RESERVED + REJECTED CVE-2013-5973 (VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to ...) NOT-FOR-US: VMware ESXi and ESX CVE-2013-5972 (VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 ...) @@ -5654,33 +5654,33 @@ CVE-2013-5350 (The "Remember me" feature in the ...) CVE-2013-5349 (Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build ...) NOT-FOR-US: Google Picasa CVE-2013-5348 - RESERVED + REJECTED CVE-2013-5347 - RESERVED + REJECTED CVE-2013-5346 - RESERVED + REJECTED CVE-2013-5345 - RESERVED + REJECTED CVE-2013-5344 - RESERVED + REJECTED CVE-2013-5343 - RESERVED + REJECTED CVE-2013-5342 - RESERVED + REJECTED CVE-2013-5341 - RESERVED + REJECTED CVE-2013-5340 - RESERVED + REJECTED CVE-2013-5339 - RESERVED + REJECTED CVE-2013-5338 - RESERVED + REJECTED CVE-2013-5337 - RESERVED + REJECTED CVE-2013-5336 - RESERVED + REJECTED CVE-2013-5335 - RESERVED + REJECTED CVE-2013-5334 (Adobe Shockwave Player before 12.0.7.148 allows attackers to execute ...) NOT-FOR-US: Adobe Shockwave Player CVE-2013-5333 (Adobe Shockwave Player before 12.0.7.148 allows attackers to execute ...) @@ -6187,67 +6187,67 @@ CVE-2013-5092 (Cross-site scripting (XSS) vulnerability in afa/php/Login.php in CVE-2013-5091 (SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 ...) NOT-FOR-US: vTiger CRM CVE-2013-5090 - RESERVED + REJECTED CVE-2013-5089 - RESERVED + REJECTED CVE-2013-5088 - RESERVED + REJECTED CVE-2013-5087 - RESERVED + REJECTED CVE-2013-5086 - RESERVED + REJECTED CVE-2013-5085 - RESERVED + REJECTED CVE-2013-5084 - RESERVED + REJECTED CVE-2013-5083 - RESERVED + REJECTED CVE-2013-5082 - RESERVED + REJECTED CVE-2013-5081 - RESERVED + REJECTED CVE-2013-5080 - RESERVED + REJECTED CVE-2013-5079 - RESERVED + REJECTED CVE-2013-5078 - RESERVED + REJECTED CVE-2013-5077 - RESERVED + REJECTED CVE-2013-5076 - RESERVED + REJECTED CVE-2013-5075 - RESERVED + REJECTED CVE-2013-5074 - RESERVED + REJECTED CVE-2013-5073 - RESERVED + REJECTED CVE-2013-5072 (Cross-site scripting (XSS) vulnerability in Outlook Web Access in ...) NOT-FOR-US: Microsoft Exchange Server OWA CVE-2013-5071 - RESERVED + REJECTED CVE-2013-5070 - RESERVED + REJECTED CVE-2013-5069 - RESERVED + REJECTED CVE-2013-5068 - RESERVED + REJECTED CVE-2013-5067 - RESERVED + REJECTED CVE-2013-5066 - RESERVED + REJECTED CVE-2013-5065 (NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and ...) NOT-FOR-US: Microsoft Windows CVE-2013-5064 - RESERVED + REJECTED CVE-2013-5063 - RESERVED + REJECTED CVE-2013-5062 - RESERVED + REJECTED CVE-2013-5061 - RESERVED + REJECTED CVE-2013-5060 - RESERVED + REJECTED CVE-2013-5059 (Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web ...) NOT-FOR-US: Microsoft SharePoint Server CVE-2013-5058 (Integer overflow in the kernel-mode drivers in Microsoft Windows XP ...) @@ -6257,17 +6257,17 @@ CVE-2013-5057 (hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does n CVE-2013-5056 (Use-after-free vulnerability in the Scripting Runtime Object Library ...) NOT-FOR-US: Microsoft Windows CVE-2013-5055 - RESERVED + REJECTED CVE-2013-5054 (Microsoft Office 2013 and 2013 RT allows remote attackers to discover ...) NOT-FOR-US: Microsoft Office CVE-2013-5053 - RESERVED + REJECTED CVE-2013-5052 (Microsoft Internet Explorer 7 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-5051 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-5050 - RESERVED + REJECTED CVE-2013-5049 (Microsoft Internet Explorer 6 through 9 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-5048 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) @@ -6279,13 +6279,13 @@ CVE-2013-5046 (Microsoft Internet Explorer 7 through 11 allows local users to by CVE-2013-5045 (Microsoft Internet Explorer 10 and 11 allows local users to bypass the ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-5044 - RESERVED + REJECTED CVE-2013-5043 - RESERVED + REJECTED CVE-2013-5042 (Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR ...) NOT-FOR-US: Microsoft ASP.NET SignalR CVE-2013-5041 - RESERVED + REJECTED CVE-2013-5040 RESERVED CVE-2013-5039 (Cross-site request forgery (CSRF) vulnerability in ...) @@ -6813,7 +6813,7 @@ CVE-2013-4818 (Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, Ice CVE-2013-4817 (Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through ...) NOT-FOR-US: HP CVE-2013-4816 - RESERVED + REJECTED CVE-2013-4815 (Cross-site scripting (XSS) vulnerability in the web interface in HP ...) NOT-FOR-US: HP CVE-2013-4814 (Cross-site scripting (XSS) vulnerability in HP XP P9000 Command View ...) @@ -6839,7 +6839,7 @@ CVE-2013-4805 (Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3 CVE-2013-4804 (Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch ...) NOT-FOR-US: HP Business Process Monitor CVE-2013-4803 - RESERVED + REJECTED CVE-2013-4802 (Cross-site scripting (XSS) vulnerability in HP Application Lifecycle ...) NOT-FOR-US: HP CVE-2013-4801 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...) @@ -9559,7 +9559,7 @@ CVE-2013-3915 (Microsoft Internet Explorer 6 through 11 allows remote attackers CVE-2013-3914 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2013-3913 - RESERVED + REJECTED CVE-2013-3912 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2013-3911 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...) @@ -9577,13 +9577,13 @@ CVE-2013-3906 (GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2 CVE-2013-3905 (Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does ...) NOT-FOR-US: Microsoft CVE-2013-3904 - RESERVED + REJECTED CVE-2013-3903 (Array index error in win32k.sys in the kernel-mode drivers in ...) NOT-FOR-US: Microsoft Windows CVE-2013-3902 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2013-3901 - RESERVED + REJECTED CVE-2013-3900 (The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, ...) NOT-FOR-US: Microsoft Windows CVE-2013-3899 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) @@ -9617,9 +9617,9 @@ CVE-2013-3886 (Microsoft Internet Explorer 9 and 10 allows remote attackers to . CVE-2013-3885 (Microsoft Internet Explorer 10 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3884 - RESERVED + REJECTED CVE-2013-3883 - RESERVED + REJECTED CVE-2013-3882 (Microsoft Internet Explorer 10 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3881 (win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and ...) @@ -9631,7 +9631,7 @@ CVE-2013-3879 (Use-after-free vulnerability in win32k.sys in the kernel-mode dri CVE-2013-3878 (Stack-based buffer overflow in the LRPC client in Microsoft Windows XP ...) NOT-FOR-US: Microsoft Windows CVE-2013-3877 - RESERVED + REJECTED CVE-2013-3876 (DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...) NOT-FOR-US: Microsoft CVE-2013-3875 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...) @@ -9651,7 +9651,7 @@ CVE-2013-3869 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Window CVE-2013-3868 (Microsoft Active Directory Lightweight Directory Service (AD LDS) on ...) NOT-FOR-US: Microsoft CVE-2013-3867 - RESERVED + REJECTED CVE-2013-3866 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2013-3865 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) @@ -9697,7 +9697,7 @@ CVE-2013-3846 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and CVE-2013-3845 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...) NOT-FOR-US: Microsoft CVE-2013-3844 - RESERVED + REJECTED CVE-2013-3842 (Unspecified vulnerability Oracle Solaris 10 allows local users to ...) NOT-FOR-US: Solaris CVE-2013-3841 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...) @@ -9755,11 +9755,11 @@ CVE-2013-3819 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTool CVE-2013-3818 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2013-3817 - RESERVED + REJECTED CVE-2013-3816 (Unspecified vulnerability in the Oracle Policy Automation component in ...) NOT-FOR-US: Oracle Industry Applications CVE-2013-3815 - RESERVED + REJECTED CVE-2013-3814 (Unspecified vulnerability in the Oracle Retail Invoice Matching ...) NOT-FOR-US: Oracle Industry Applications CVE-2013-3813 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...) @@ -10487,7 +10487,7 @@ CVE-2013-3523 (SQL injection vulnerability in This HTML Is Simple (THIS) before CVE-2013-3522 (SQL injection vulnerability in index.php/ajax/api/reputation/vote in ...) NOT-FOR-US: vBulletin CVE-2013-3521 - RESERVED + REJECTED CVE-2013-3520 (VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not ...) NOT-FOR-US: VMware vCenter Chargeback Manager CVE-2013-3519 (lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x ...) @@ -10908,7 +10908,7 @@ CVE-2013-3320 CVE-2013-3319 (The GetComputerSystem method in the HostControl service in SAP ...) NOT-FOR-US: SAP Netweaver CVE-2013-3318 - RESERVED + REJECTED CVE-2013-3317 RESERVED CVE-2013-3316 @@ -11245,9 +11245,9 @@ CVE-2013-3179 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint CVE-2013-3178 (Microsoft Silverlight 5 before 5.1.20513.0 does not properly ...) NOT-FOR-US: Microsoft Silverlight CVE-2013-3177 - RESERVED + REJECTED CVE-2013-3176 - RESERVED + REJECTED CVE-2013-3175 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows ...) NOT-FOR-US: Microsoft CVE-2013-3174 (DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...) @@ -11259,17 +11259,17 @@ CVE-2013-3172 (Buffer overflow in win32k.sys in the kernel-mode drivers in Micro CVE-2013-3171 (The serialization functionality in Microsoft .NET Framework 2.0 SP2, ...) NOT-FOR-US: Microsoft CVE-2013-3170 - RESERVED + REJECTED CVE-2013-3169 - RESERVED + REJECTED CVE-2013-3168 - RESERVED + REJECTED CVE-2013-3167 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft CVE-2013-3166 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3165 - RESERVED + REJECTED CVE-2013-3164 (Microsoft Internet Explorer 8 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3163 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...) @@ -11329,7 +11329,7 @@ CVE-2013-3137 (Microsoft FrontPage 2003 SP3 does not properly parse DTDs, which CVE-2013-3136 (The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, ...) NOT-FOR-US: Microsoft CVE-2013-3135 - RESERVED + REJECTED CVE-2013-3134 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, ...) NOT-FOR-US: Microsoft .NET Framework CVE-2013-3133 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not ...) @@ -12212,7 +12212,7 @@ CVE-2013-2801 (The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows CVE-2013-2800 (The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows ...) NOT-FOR-US: OSIsoft PI Interface CVE-2013-2799 - RESERVED + REJECTED CVE-2013-2798 (Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2013-2797 @@ -12220,7 +12220,7 @@ CVE-2013-2797 CVE-2013-2796 (Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and ...) NOT-FOR-US: Schneider Electric Vijeo Citect CVE-2013-2795 - RESERVED + REJECTED CVE-2013-2794 (Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, ...) NOT-FOR-US: Triangle MicroWorks SCADA CVE-2013-2793 (Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, ...) @@ -12823,9 +12823,9 @@ CVE-2013-2520 CVE-2013-2519 RESERVED CVE-2013-2518 - RESERVED + REJECTED CVE-2013-2517 - RESERVED + REJECTED CVE-2013-2516 RESERVED CVE-2013-2515 @@ -13367,7 +13367,7 @@ CVE-2013-2356 (HP System Management Homepage (SMH) before 7.2.1 allows remote .. CVE-2013-2355 (HP System Management Homepage (SMH) before 7.2.1 allows remote ...) NOT-FOR-US: HP SMH CVE-2013-2354 - RESERVED + REJECTED CVE-2013-2353 (Unspecified vulnerability in HP StoreOnce D2D Backup System 1.x before ...) NOT-FOR-US: HP CVE-2013-2352 (LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage ...) @@ -15833,7 +15833,7 @@ CVE-2013-1662 (vmware-mount in VMware Workstation 8.x and 9.x and VMware Player CVE-2013-1661 (VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly ...) NOT-FOR-US: VMware ESXi CVE-2013-1660 - RESERVED + REJECTED CVE-2013-1659 (VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and ...) NOT-FOR-US: vCenter CVE-2013-1658 @@ -16521,7 +16521,7 @@ CVE-2013-1434 (Multiple SQL injection vulnerabilities in (1) api_poller.php and - cacti 0.8.8b+dfsg-1 NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7394 CVE-2013-1433 - RESERVED + REJECTED CVE-2013-1432 (Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not ...) {DSA-3006-1} - xen 4.3.0-1 @@ -16660,9 +16660,9 @@ CVE-2013-1384 (Adobe Shockwave Player before 12.0.2.122 allows attackers to exec CVE-2013-1383 (Buffer overflow in Adobe Shockwave Player before 12.0.2.122 allows ...) NOT-FOR-US: Adobe Shockwave Player CVE-2013-1382 - RESERVED + REJECTED CVE-2013-1381 - RESERVED + REJECTED CVE-2013-1380 (Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on ...) NOT-FOR-US: Adobe Flash Plugin CVE-2013-1379 (Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on ...) @@ -16775,7 +16775,7 @@ CVE-2013-1328 (Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remot CVE-2013-1327 (Integer signedness error in Microsoft Publisher 2003 SP3 allows remote ...) NOT-FOR-US: Microsoft Publisher CVE-2013-1326 - RESERVED + REJECTED CVE-2013-1325 (Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 ...) NOT-FOR-US: Microsoft CVE-2013-1324 (Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, ...) @@ -16799,7 +16799,7 @@ CVE-2013-1316 (Microsoft Publisher 2003 SP3 does not properly validate the size CVE-2013-1315 (Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; ...) NOT-FOR-US: Microsoft CVE-2013-1314 - RESERVED + REJECTED CVE-2013-1313 (Object Linking and Embedding (OLE) Automation in Microsoft Windows XP ...) NOT-FOR-US: Microsoft Windows XP CVE-2013-1312 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 ...) @@ -16831,7 +16831,7 @@ CVE-2013-1300 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 CVE-2013-1299 (Microsoft Windows Modern Mail allows remote attackers to spoof link ...) NOT-FOR-US: Microsoft Windows Modern Mail CVE-2013-1298 - RESERVED + REJECTED CVE-2013-1297 (Microsoft Internet Explorer 6 through 8 does not properly restrict ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-1296 (The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote ...) @@ -16961,7 +16961,7 @@ CVE-2013-1235 (Cisco Wireless LAN Controller (WLC) devices do not properly addre CVE-2013-1234 (The SNMP module in Cisco IOS XR allows remote authenticated users to ...) NOT-FOR-US: Cisco IOS XR CVE-2013-1233 - RESERVED + REJECTED CVE-2013-1232 (The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings ...) NOT-FOR-US: Cisco WebEx CVE-2013-1231 (The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings ...) @@ -17229,7 +17229,7 @@ CVE-2013-1101 CVE-2013-1100 (The HTTP server in Cisco IOS on Catalyst switches does not properly ...) NOT-FOR-US: Cisco IOS CVE-2013-1099 - RESERVED + REJECTED CVE-2013-1098 RESERVED CVE-2013-1097 (Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in ...) @@ -17274,19 +17274,19 @@ CVE-2013-1079 (Directory traversal vulnerability in the ISCreateObject method in CVE-2013-1078 RESERVED CVE-2013-1077 - RESERVED + REJECTED CVE-2013-1076 - RESERVED + REJECTED CVE-2013-1075 - RESERVED + REJECTED CVE-2013-1074 - RESERVED + REJECTED CVE-2013-1073 - RESERVED + REJECTED CVE-2013-1072 - RESERVED + REJECTED CVE-2013-1071 - RESERVED + REJECTED CVE-2013-1070 (Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as ...) NOT-FOR-US: Ubuntu MAAS CVE-2013-1069 (Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable ...) @@ -18604,7 +18604,7 @@ CVE-2013-0630 (Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x CVE-2013-0629 (Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not ...) NOT-FOR-US: Adobe ColdFusion CVE-2013-0628 - RESERVED + REJECTED CVE-2013-0627 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2013-0626 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before ...) @@ -19056,7 +19056,7 @@ CVE-2013-0422 (Multiple vulnerabilities in Oracle Java 7 before Update 11 allow - openjdk-7 7u3-2.1.4-1 NOTE: Exploitable on Linux http://www.openwall.com/lists/oss-security/2013/01/11/1 CVE-2013-0421 - RESERVED + REJECTED CVE-2013-0420 (Unspecified vulnerability in the VirtualBox component in Oracle ...) - virtualbox 4.1.18-dfsg-2 (bug #698292) - virtualbox-ose <not-affected> (Vulnerable code not present) @@ -19997,13 +19997,13 @@ CVE-2013-0102 CVE-2013-0101 RESERVED CVE-2013-0100 - RESERVED + REJECTED CVE-2013-0099 - RESERVED + REJECTED CVE-2013-0098 - RESERVED + REJECTED CVE-2013-0097 - RESERVED + REJECTED CVE-2013-0096 (Writer in Microsoft Windows Essentials 2011 and 2012 allows remote ...) NOT-FOR-US: Microsoft CVE-2013-0095 (Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for ...) @@ -20053,91 +20053,91 @@ CVE-2013-0074 (Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.2012 CVE-2013-0073 (The Windows Forms (aka WinForms) component in Microsoft .NET Framework ...) NOT-FOR-US: Microsoft .NET Framework CVE-2013-0072 - RESERVED + REJECTED CVE-2013-0071 - RESERVED + REJECTED CVE-2013-0070 - RESERVED + REJECTED CVE-2013-0069 - RESERVED + REJECTED CVE-2013-0068 - RESERVED + REJECTED CVE-2013-0067 - RESERVED + REJECTED CVE-2013-0066 - RESERVED + REJECTED CVE-2013-0065 - RESERVED + REJECTED CVE-2013-0064 - RESERVED + REJECTED CVE-2013-0063 - RESERVED + REJECTED CVE-2013-0062 - RESERVED + REJECTED CVE-2013-0061 - RESERVED + REJECTED CVE-2013-0060 - RESERVED + REJECTED CVE-2013-0059 - RESERVED + REJECTED CVE-2013-0058 - RESERVED + REJECTED CVE-2013-0057 - RESERVED + REJECTED CVE-2013-0056 - RESERVED + REJECTED CVE-2013-0055 - RESERVED + REJECTED CVE-2013-0054 - RESERVED + REJECTED CVE-2013-0053 - RESERVED + REJECTED CVE-2013-0052 - RESERVED + REJECTED CVE-2013-0051 - RESERVED + REJECTED CVE-2013-0050 - RESERVED + REJECTED CVE-2013-0049 - RESERVED + REJECTED CVE-2013-0048 - RESERVED + REJECTED CVE-2013-0047 - RESERVED + REJECTED CVE-2013-0046 - RESERVED + REJECTED CVE-2013-0045 - RESERVED + REJECTED CVE-2013-0044 - RESERVED + REJECTED CVE-2013-0043 - RESERVED + REJECTED CVE-2013-0042 - RESERVED + REJECTED CVE-2013-0041 - RESERVED + REJECTED CVE-2013-0040 - RESERVED + REJECTED CVE-2013-0039 - RESERVED + REJECTED CVE-2013-0038 - RESERVED + REJECTED CVE-2013-0037 - RESERVED + REJECTED CVE-2013-0036 - RESERVED + REJECTED CVE-2013-0035 - RESERVED + REJECTED NOT-FOR-US: Apache CXF CVE-2013-0034 - RESERVED + REJECTED NOT-FOR-US: Apache CXF CVE-2013-0033 - RESERVED + REJECTED CVE-2013-0032 - RESERVED + REJECTED CVE-2013-0031 - RESERVED + REJECTED CVE-2013-0030 (The Vector Markup Language (VML) implementation in Microsoft Internet ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0029 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...) @@ -20165,17 +20165,17 @@ CVE-2013-0019 (Use-after-free vulnerability in Microsoft Internet Explorer 7 thr CVE-2013-0018 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0017 - RESERVED + REJECTED CVE-2013-0016 - RESERVED + REJECTED CVE-2013-0015 (Microsoft Internet Explorer 6 through 9 does not properly perform ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0014 - RESERVED + REJECTED CVE-2013-0013 (The SSL provider component in Microsoft Windows Vista SP2, Windows ...) NOT-FOR-US: Microsoft Windows CVE-2013-0012 - RESERVED + REJECTED CVE-2013-0011 (The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and ...) NOT-FOR-US: Microsoft Windows CVE-2013-0010 (Cross-site scripting (XSS) vulnerability in Microsoft System Center ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 6ff37e9c02..02ed6efc36 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -1327,15 +1327,15 @@ CVE-2014-99999 CVE-2014-9999 REJECTED CVE-2014-9592 - RESERVED + REJECTED CVE-2014-9591 - RESERVED + REJECTED CVE-2014-9590 - RESERVED + REJECTED CVE-2014-9589 - RESERVED + REJECTED CVE-2014-9588 - RESERVED + REJECTED CVE-2014-9586 RESERVED - binpac 0.43-1 @@ -2386,19 +2386,19 @@ CVE-2014-9293 (The config_auth function in ntpd in NTP before 4.2.7p11, when an CVE-2014-9292 (Server-side request forgery (SSRF) vulnerability in proxy.php in the ...) NOT-FOR-US: jRSS WordPress Plugin CVE-2014-9291 - RESERVED + REJECTED CVE-2014-9290 - RESERVED + REJECTED CVE-2014-9289 - RESERVED + REJECTED CVE-2014-9288 - RESERVED + REJECTED CVE-2014-9287 - RESERVED + REJECTED CVE-2014-9286 - RESERVED + REJECTED CVE-2014-9285 - RESERVED + REJECTED CVE-2014-9284 (The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, ...) NOT-FOR-US: Buffalo routers CVE-2014-9283 (The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows ...) @@ -2460,7 +2460,7 @@ CVE-2014-9246 CVE-2014-9245 (Zenoss Core through 5 Beta 3 allows remote attackers to obtain ...) - zenoss <itp> (bug #361253) CVE-2014-9244 - RESERVED + REJECTED CVE-2014-9243 (Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker ...) NOT-FOR-US: WebsiteBaker CVE-2014-9242 (SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker ...) @@ -2488,11 +2488,11 @@ CVE-2014-9235 (Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organize CVE-2014-9234 (Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link ...) NOT-FOR-US: D-link DCS-2103 CVE-2014-9233 - RESERVED + REJECTED CVE-2014-9232 - RESERVED + REJECTED CVE-2014-9231 - RESERVED + REJECTED CVE-2014-9230 (Cross-site scripting (XSS) vulnerability in the administration console ...) NOT-FOR-US: Enforce Server in Symantec Data Loss Prevention CVE-2014-9229 (Multiple SQL injection vulnerabilities in interface PHP scripts in the ...) @@ -2532,7 +2532,7 @@ CVE-2014-9212 (Multiple cross-site scripting (XSS) vulnerabilities in Altitude u CVE-2014-9211 RESERVED CVE-2014-9210 - RESERVED + REJECTED CVE-2014-9209 (Untrusted search path vulnerability in the Clean Utility application ...) NOT-FOR-US: Rockwell Automation FactoryTalk Services Platform CVE-2014-9208 (Multiple stack-based buffer overflows in unspecified DLL files in ...) @@ -2656,17 +2656,17 @@ CVE-2014-9218 (libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1 NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1ac863c7573d12012374d5d41e5c7dc5505ea6e1 (master) NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php CVE-2014-9172 - RESERVED + REJECTED CVE-2014-9171 - RESERVED + REJECTED CVE-2014-9170 - RESERVED + REJECTED CVE-2014-9169 - RESERVED + REJECTED CVE-2014-9168 - RESERVED + REJECTED CVE-2014-9167 - RESERVED + REJECTED CVE-2014-9166 (Adobe ColdFusion 10 before Update 15 and 11 before Update 3 allows ...) NOT-FOR-US: Adobe ColdFusion CVE-2014-9165 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...) @@ -3235,39 +3235,39 @@ CVE-2014-8986 (Cross-site scripting (XSS) vulnerability in the selection list in CVE-2014-8985 RESERVED CVE-2014-8984 - RESERVED + REJECTED CVE-2014-8983 - RESERVED + REJECTED CVE-2014-8982 - RESERVED + REJECTED CVE-2014-8981 - RESERVED + REJECTED CVE-2014-8980 - RESERVED + REJECTED CVE-2014-8979 - RESERVED + REJECTED CVE-2014-8978 - RESERVED + REJECTED CVE-2014-8977 - RESERVED + REJECTED CVE-2014-8976 - RESERVED + REJECTED CVE-2014-8975 - RESERVED + REJECTED CVE-2014-8974 - RESERVED + REJECTED CVE-2014-8973 - RESERVED + REJECTED CVE-2014-8972 - RESERVED + REJECTED CVE-2014-8971 - RESERVED + REJECTED CVE-2014-8970 - RESERVED + REJECTED CVE-2014-8969 - RESERVED + REJECTED CVE-2014-8968 - RESERVED + REJECTED CVE-2014-8967 (Use-after-free vulnerability in Microsoft Internet Explorer allows ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-8966 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...) @@ -3352,23 +3352,23 @@ CVE-2014-8938 CVE-2014-8937 RESERVED CVE-2014-8936 - RESERVED + REJECTED CVE-2014-8935 - RESERVED + REJECTED CVE-2014-8934 - RESERVED + REJECTED CVE-2014-8933 - RESERVED + REJECTED CVE-2014-8932 - RESERVED + REJECTED CVE-2014-8931 - RESERVED + REJECTED CVE-2014-8930 RESERVED CVE-2014-8929 - RESERVED + REJECTED CVE-2014-8928 - RESERVED + REJECTED CVE-2014-8927 (Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License ...) NOT-FOR-US: IBM CVE-2014-8926 (Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License ...) @@ -3504,51 +3504,51 @@ CVE-2014-8866 (The compatibility mode hypercall argument translation in Xen 3.3. - xen 4.4.1-5 (bug #770230) [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts) CVE-2014-8865 - RESERVED + REJECTED CVE-2014-8864 - RESERVED + REJECTED CVE-2014-8863 - RESERVED + REJECTED CVE-2014-8862 - RESERVED + REJECTED CVE-2014-8861 - RESERVED + REJECTED CVE-2014-8860 - RESERVED + REJECTED CVE-2014-8859 - RESERVED + REJECTED CVE-2014-8858 - RESERVED + REJECTED CVE-2014-8857 - RESERVED + REJECTED CVE-2014-8856 - RESERVED + REJECTED CVE-2014-8855 - RESERVED + REJECTED CVE-2014-8854 - RESERVED + REJECTED CVE-2014-8853 - RESERVED + REJECTED CVE-2014-8852 - RESERVED + REJECTED CVE-2014-8851 - RESERVED + REJECTED CVE-2014-8850 - RESERVED + REJECTED CVE-2014-8849 - RESERVED + REJECTED CVE-2014-8848 - RESERVED + REJECTED CVE-2014-8847 - RESERVED + REJECTED CVE-2014-8846 - RESERVED + REJECTED CVE-2014-8845 - RESERVED + REJECTED CVE-2014-8844 - RESERVED + REJECTED CVE-2014-8843 - RESERVED + REJECTED CVE-2014-8842 RESERVED CVE-2014-8841 @@ -3598,7 +3598,7 @@ CVE-2014-8820 (The Intel Graphics Driver in Apple OS X before 10.10.2 allows loc CVE-2014-8819 (The Intel Graphics Driver in Apple OS X before 10.10.2 allows local ...) NOT-FOR-US: Apple CVE-2014-8818 - RESERVED + REJECTED CVE-2014-8817 (coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 ...) NOT-FOR-US: Apple CVE-2014-8816 (CoreGraphics in Apple OS X before 10.10 allows remote attackers to ...) @@ -3895,15 +3895,15 @@ CVE-2014-8653 (Cross-site scripting (XSS) vulnerability in Compal Broadband Netw CVE-2014-8652 (Elipse E3 3.x and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Elipse E3 CVE-2014-8649 - RESERVED + REJECTED CVE-2014-8648 - RESERVED + REJECTED CVE-2014-8647 - RESERVED + REJECTED CVE-2014-8646 - RESERVED + REJECTED CVE-2014-8645 - RESERVED + REJECTED CVE-2014-8644 RESERVED CVE-2014-8643 (Mozilla Firefox before 35.0 on Windows allows remote attackers to ...) @@ -4174,13 +4174,13 @@ CVE-2014-8578 (Cross-site scripting (XSS) vulnerability in the Groups panel in . CVE-2014-8577 (Multiple cross-site scripting (XSS) vulnerabilities in Croogo before ...) NOT-FOR-US: Croogo CVE-2014-8576 - RESERVED + REJECTED CVE-2014-8575 - RESERVED + REJECTED CVE-2014-8574 - RESERVED + REJECTED CVE-2014-8573 - RESERVED + REJECTED CVE-2014-8572 (Huawei AC6605 with software V200R001C00; AC6605 with software ...) NOT-FOR-US: Huawei CVE-2014-8571 (Apps on Huawei Ascend P6 mobile phones with software EDGE-U00 ...) @@ -4519,7 +4519,7 @@ CVE-2014-8470 CVE-2014-8469 (Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in ...) NOT-FOR-US: PHPFox CVE-2014-7401 - RESERVED + REJECTED CVE-2014-8483 (The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 ...) {DSA-3068-1 DSA-3063-1 DLA-168-1} - quassel 0.10.0-2.1 (bug #766962) @@ -4600,7 +4600,7 @@ CVE-2014-8446 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0 CVE-2014-8445 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...) NOT-FOR-US: Adobe Reader CVE-2014-8444 - RESERVED + REJECTED CVE-2014-8443 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.259 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-8442 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...) @@ -4773,7 +4773,7 @@ CVE-2014-8376 (Cross-site scripting (XSS) vulnerability in the context administr CVE-2014-8375 (SQL injection vulnerability in GBgallery.php in the GB Gallery ...) NOT-FOR-US: WordPress plugin GB Gallery Slideshow CVE-2014-8374 - RESERVED + REJECTED CVE-2014-8373 (The VMware Remote Console (VMRC) function in VMware vCloud Automation ...) NOT-FOR-US: VMware vCloud Automation Center CVE-2014-8372 (AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote ...) @@ -5042,39 +5042,39 @@ CVE-2014-8744 (Cross-site scripting (XSS) vulnerability in the Nivo Slider modul CVE-2014-8743 (Multiple cross-site scripting (XSS) vulnerabilities in the Maestro ...) NOT-FOR-US: Drupal module Maestro CVE-2014-8292 - RESERVED + REJECTED CVE-2014-8291 - RESERVED + REJECTED CVE-2014-8290 - RESERVED + REJECTED CVE-2014-8289 - RESERVED + REJECTED CVE-2014-8288 - RESERVED + REJECTED CVE-2014-8287 - RESERVED + REJECTED CVE-2014-8286 - RESERVED + REJECTED CVE-2014-8285 - RESERVED + REJECTED CVE-2014-8284 - RESERVED + REJECTED CVE-2014-8283 - RESERVED + REJECTED CVE-2014-8282 - RESERVED + REJECTED CVE-2014-8281 - RESERVED + REJECTED CVE-2014-8280 - RESERVED + REJECTED CVE-2014-8279 - RESERVED + REJECTED CVE-2014-8278 - RESERVED + REJECTED CVE-2014-8277 - RESERVED + REJECTED CVE-2014-8276 - RESERVED + REJECTED CVE-2014-8275 (OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k ...) {DSA-3125-1 DLA-132-1} - openssl 1.0.1k-1 @@ -5148,115 +5148,115 @@ CVE-2014-8244 (Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before CVE-2014-8243 (Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before ...) NOT-FOR-US: Linksys SMART WiFi CVE-2014-8239 - RESERVED + REJECTED CVE-2014-8238 - RESERVED + REJECTED CVE-2014-8237 - RESERVED + REJECTED CVE-2014-8236 - RESERVED + REJECTED CVE-2014-8235 - RESERVED + REJECTED CVE-2014-8234 - RESERVED + REJECTED CVE-2014-8233 - RESERVED + REJECTED CVE-2014-8232 - RESERVED + REJECTED CVE-2014-8231 - RESERVED + REJECTED CVE-2014-8230 - RESERVED + REJECTED CVE-2014-8229 - RESERVED + REJECTED CVE-2014-8228 - RESERVED + REJECTED CVE-2014-8227 - RESERVED + REJECTED CVE-2014-8226 - RESERVED + REJECTED CVE-2014-8225 - RESERVED + REJECTED CVE-2014-8224 - RESERVED + REJECTED CVE-2014-8223 - RESERVED + REJECTED CVE-2014-8222 - RESERVED + REJECTED CVE-2014-8221 - RESERVED + REJECTED CVE-2014-8220 - RESERVED + REJECTED CVE-2014-8219 - RESERVED + REJECTED CVE-2014-8218 - RESERVED + REJECTED CVE-2014-8217 - RESERVED + REJECTED CVE-2014-8216 - RESERVED + REJECTED CVE-2014-8215 - RESERVED + REJECTED CVE-2014-8214 - RESERVED + REJECTED CVE-2014-8213 - RESERVED + REJECTED CVE-2014-8212 - RESERVED + REJECTED CVE-2014-8211 - RESERVED + REJECTED CVE-2014-8210 - RESERVED + REJECTED CVE-2014-8209 - RESERVED + REJECTED CVE-2014-8208 - RESERVED + REJECTED CVE-2014-8207 - RESERVED + REJECTED CVE-2014-8206 - RESERVED + REJECTED CVE-2014-8205 - RESERVED + REJECTED CVE-2014-8204 - RESERVED + REJECTED CVE-2014-8203 - RESERVED + REJECTED CVE-2014-8202 - RESERVED + REJECTED CVE-2014-8201 - RESERVED + REJECTED CVE-2014-8200 - RESERVED + REJECTED CVE-2014-8199 - RESERVED + REJECTED CVE-2014-8198 - RESERVED + REJECTED CVE-2014-8197 - RESERVED + REJECTED CVE-2014-8196 - RESERVED + REJECTED CVE-2014-8195 - RESERVED + REJECTED CVE-2014-8194 - RESERVED + REJECTED CVE-2014-8193 - RESERVED + REJECTED CVE-2014-8192 - RESERVED + REJECTED CVE-2014-8191 - RESERVED + REJECTED CVE-2014-8190 - RESERVED + REJECTED CVE-2014-8189 - RESERVED + REJECTED CVE-2014-8188 - RESERVED + REJECTED CVE-2014-8187 - RESERVED + REJECTED CVE-2014-8186 - RESERVED + REJECTED CVE-2014-8185 - RESERVED + REJECTED CVE-2014-8184 RESERVED CVE-2014-8183 @@ -5783,65 +5783,65 @@ CVE-2014-8069 (Multiple cross-site scripting (XSS) vulnerabilities in YOOtheme . CVE-2014-8068 (Adobe Digital Editions (DE) 4 does not use encryption for transmission ...) NOT-FOR-US: Adobe Digital Editions CVE-2014-8067 - RESERVED + REJECTED CVE-2014-8066 - RESERVED + REJECTED CVE-2014-8065 - RESERVED + REJECTED CVE-2014-8064 - RESERVED + REJECTED CVE-2014-8063 - RESERVED + REJECTED CVE-2014-8062 - RESERVED + REJECTED CVE-2014-8061 - RESERVED + REJECTED CVE-2014-8060 - RESERVED + REJECTED CVE-2014-8059 - RESERVED + REJECTED CVE-2014-8058 - RESERVED + REJECTED CVE-2014-8057 - RESERVED + REJECTED CVE-2014-8056 - RESERVED + REJECTED CVE-2014-8055 - RESERVED + REJECTED CVE-2014-8054 - RESERVED + REJECTED CVE-2014-8053 - RESERVED + REJECTED CVE-2014-8052 - RESERVED + REJECTED CVE-2014-8051 - RESERVED + REJECTED CVE-2014-8050 - RESERVED + REJECTED CVE-2014-8049 - RESERVED + REJECTED CVE-2014-8048 - RESERVED + REJECTED CVE-2014-8047 - RESERVED + REJECTED CVE-2014-8046 - RESERVED + REJECTED CVE-2014-8045 - RESERVED + REJECTED CVE-2014-8044 - RESERVED + REJECTED CVE-2014-8043 - RESERVED + REJECTED CVE-2014-8042 - RESERVED + REJECTED CVE-2014-8041 - RESERVED + REJECTED CVE-2014-8040 - RESERVED + REJECTED CVE-2014-8039 - RESERVED + REJECTED CVE-2014-8038 - RESERVED + REJECTED CVE-2014-8037 RESERVED CVE-2014-8036 (The outlookpa component in Cisco WebEx Meetings Server does not ...) @@ -6254,7 +6254,7 @@ CVE-2014-7889 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point CVE-2014-7888 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of ...) NOT-FOR-US: The OLE Point of Sale (OPOS) drivers CVE-2014-7887 - RESERVED + REJECTED CVE-2014-7886 RESERVED NOT-FOR-US: HP Network Automation @@ -6548,9 +6548,9 @@ CVE-2014-7808 CVE-2014-7807 (Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows ...) NOT-FOR-US: Apache CloudStack CVE-2014-7806 - RESERVED + REJECTED CVE-2014-7805 - RESERVED + REJECTED CVE-2014-7804 (The Gangsta Auto Thief III (aka com.apptreestudios.gdup3) application ...) NOT-FOR-US: Gangsta Auto Thief III (aka com.apptreestudios.gdup3) application for Android CVE-2014-7803 (The Woodward Bail (aka com.onesolutionapps.woodwardbailandroid) ...) @@ -6558,7 +6558,7 @@ CVE-2014-7803 (The Woodward Bail (aka com.onesolutionapps.woodwardbailandroid) . CVE-2014-7802 (The Top Roller Coasters Europe 2 (aka ...) NOT-FOR-US: Top Roller Coasters Europe 2 (aka com.appaapps.top10tallesteuropeanrollercoasters2) application for Android CVE-2014-7801 - RESERVED + REJECTED CVE-2014-7800 (The Daily Green (aka it.opentt.blog.dailygreen) application 2014.07 ...) NOT-FOR-US: Daily Green (aka it.opentt.blog.dailygreen) application for Android CVE-2014-7799 (The Squishy birds (aka com.tatmob.squishybirds) application 1.0.1 for ...) @@ -6576,11 +6576,11 @@ CVE-2014-7794 (The Knights of the Void (aka ...) CVE-2014-7793 (The CB - Calciatori Brutti (aka com.calciatori.brutti) application 1.0 ...) NOT-FOR-US: CB - Calciatori Brutti (aka com.calciatori.brutti) application for Android CVE-2014-7792 - RESERVED + REJECTED CVE-2014-7791 (The Backyard Wrestling (aka com.wBackyardWrestling) application 0.1 ...) NOT-FOR-US: Backyard Wrestling (aka com.wBackyardWrestling) application for Android CVE-2014-7790 - RESERVED + REJECTED CVE-2014-7789 (The Zillion Muslims (aka com.zillionmuslims.src) application 1.1 for ...) NOT-FOR-US: Zillion Muslims (aka com.zillionmuslims.src) application for Android CVE-2014-7788 (The Best Free Giveaways (aka com.wIphone5GiveAways) application 0.1 ...) @@ -6666,7 +6666,7 @@ CVE-2014-7749 (The CamDictionary (aka com.intsig.camdict) application 2.3.0.2013 CVE-2014-7748 (The Garip Ve Ilginc Olaylar (aka com.wGaripveeIlgincOlay) application ...) NOT-FOR-US: Garip Ve Ilginc Olaylar (aka com.wGaripveeIlgincOlay) application for Android CVE-2014-7747 - RESERVED + REJECTED CVE-2014-7746 (The Fusion Flowers - Weddings (aka com.triactivemedia.fusionweddings) ...) NOT-FOR-US: Fusion Flowers - Weddings (aka com.triactivemedia.fusionweddings) application for Android CVE-2014-7745 (The Flight Manager (aka com.flightmanager.view) application 4.0 for ...) @@ -6684,11 +6684,11 @@ CVE-2014-7740 (The Pony Magazine (aka com.triactivemedia.ponymagazine) applicati CVE-2014-7739 (The Anahi A Adopter FR (aka com.wAnahiAAdopterFR) application 0.1 for ...) NOT-FOR-US: Anahi A Adopter FR (aka com.wAnahiAAdopterFR) application for Android CVE-2014-7738 - RESERVED + REJECTED CVE-2014-7737 (The FMAC : Federation Culinaire (aka com.fmac) application 1.0 for ...) NOT-FOR-US: FMAC : Federation Culinaire (aka com.fmac) application for Android CVE-2014-7736 - RESERVED + REJECTED CVE-2014-7735 (The Dr. Sheikh Adnan Ibrahim (aka com.amitaff.adnanIbrahim) ...) NOT-FOR-US: Dr. Sheikh Adnan Ibrahim (aka com.amitaff.adnanIbrahim) application for Android CVE-2014-7734 (The Reds Anytime Bail (aka com.onesolutionapps.redsanytimebailandroid) ...) @@ -6696,13 +6696,13 @@ CVE-2014-7734 (The Reds Anytime Bail (aka com.onesolutionapps.redsanytimebailand CVE-2014-7733 (The Karaf Magazin (aka com.magzter.karafmagazin) application 3.0 for ...) NOT-FOR-US: Karaf Magazin (aka com.magzter.karafmagazin) application for Android CVE-2014-7732 - RESERVED + REJECTED CVE-2014-7731 (The Radio de la Cato (aka com.radio.de.la.cato) application 2.0 for ...) NOT-FOR-US: Radio de la Cato (aka com.radio.de.la.cato) application for Android CVE-2014-7730 - RESERVED + REJECTED CVE-2014-7729 - RESERVED + REJECTED CVE-2014-7728 (The Logan Banner (aka com.soln.S8B5C1F53B8CBE06D5DE0A0E7E23DCDA7) ...) NOT-FOR-US: Logan Banner (aka com.soln.S8B5C1F53B8CBE06D5DE0A0E7E23DCDA7) application for Android CVE-2014-7727 (The Dj Brad H (aka com.dreamstep.wDjBradH) application 0.90 for ...) @@ -6738,21 +6738,21 @@ CVE-2014-7713 (The Skin&Ink Magazine (aka com.triactivemedia.skinandink) app CVE-2014-7712 (The Tiket.com Hotel & Flight (aka com.tiket.gits) application 1.1.2 ...) NOT-FOR-US: Tiket.com Hotel & Flight (aka com.tiket.gits) application for Android CVE-2014-7711 - RESERVED + REJECTED CVE-2014-7710 (The India Today Telugu (aka com.magzter.indiatoday.telugu) application ...) NOT-FOR-US: India Today Telugu (aka com.magzter.indiatoday.telugu) application for Android CVE-2014-7709 - RESERVED + REJECTED CVE-2014-7708 (The Raven - The Culture Lover (aka com.booksbyraven) application 1.60 ...) NOT-FOR-US: Raven - The Culture Lover (aka com.booksbyraven) application for Android CVE-2014-7707 (The Outdoor Design And Living (aka ...) NOT-FOR-US: Outdoor Design And Living (aka com.pocketmagsau.outdoordesignandliving) application for Android CVE-2014-7706 - RESERVED + REJECTED CVE-2014-7705 (The Atkins Diet Free Shopping List (aka ...) NOT-FOR-US: Atkins Diet Free Shopping List (aka com.wAtkinsDietFreeShoppingList) application for Android CVE-2014-7704 - RESERVED + REJECTED CVE-2014-7703 (The Terrorizer Magazine (aka com.triactivemedia.terrorizer) ...) NOT-FOR-US: Terrorizer Magazine (aka com.triactivemedia.terrorizer) application for Android CVE-2014-7702 (The ahtty (aka com.crevation.babylon.ahtty) application 1.97.16 for ...) @@ -6762,7 +6762,7 @@ CVE-2014-7701 (The DoNotTrackMe - Mobile Privacy (aka com.abine.dnt) application CVE-2014-7700 (The Flying Fox (aka com.chillingo.slyfoxfree.android.aja) application ...) NOT-FOR-US: Flying Fox (aka com.chillingo.slyfoxfree.android.aja) application for Android CVE-2014-7699 - RESERVED + REJECTED CVE-2014-7698 (The Xinhua International (aka org.xinhua.xnews_international) ...) NOT-FOR-US: Xinhua International (aka org.xinhua.xnews_international) application for Android CVE-2014-7697 (The Eyvah! Bosandim ozgurum (aka com.wEyvahBosandimBlog) application ...) @@ -6786,13 +6786,13 @@ CVE-2014-7689 (The GzoneRC - The RC Hobby Hub (aka com.wGzoneRC) application 0.1 CVE-2014-7688 (The Home Improvement (aka com.whomeimprovementapp) application 0.1 for ...) NOT-FOR-US: Home Improvement (aka com.whomeimprovementapp) application for Android CVE-2014-7687 - RESERVED + REJECTED CVE-2014-7686 (The So. Co. Business Partnership (aka com.ChamberMe.SCBPSOUTHERNCO) ...) NOT-FOR-US: So. Co. Business Partnership (aka com.ChamberMe.SCBPSOUTHERNCO) application for Android CVE-2014-7685 (The Razer Comms - Gaming Messenger (aka com.razerzone.comms) ...) NOT-FOR-US: Razer Comms - Gaming Messenger (aka com.razerzone.comms) application for Android CVE-2014-7684 - RESERVED + REJECTED CVE-2014-7683 (The Free Canadian Author Previews (aka ...) NOT-FOR-US: Free Canadian Author Previews (aka com.booksellerscanada.authorpreview) application for Android CVE-2014-7682 (The GR8! TV (aka com.magzter.greighttv) application 3.0 for Android ...) @@ -6800,29 +6800,29 @@ CVE-2014-7682 (The GR8! TV (aka com.magzter.greighttv) application 3.0 for Andro CVE-2014-7681 (The VMware vForums 2014 (aka ...) NOT-FOR-US: VMware vForums 2014 (aka com.coreapps.android.followme.vmwarevforums) application for Android CVE-2014-7680 - RESERVED + REJECTED CVE-2014-7679 - RESERVED + REJECTED CVE-2014-7678 - RESERVED + REJECTED CVE-2014-7677 (The Scudetto (aka com.scudetto) application 2.7 for Android does not ...) NOT-FOR-US: Scudetto (aka com.scudetto) application for Android CVE-2014-7676 (The Home Made Air Freshener (aka com.wHomeMadeAirFreshener) ...) NOT-FOR-US: Home Made Air Freshener (aka com.wHomeMadeAirFreshener) application for Android CVE-2014-7675 - RESERVED + REJECTED CVE-2014-7674 (The TicketOne.it (aka it.ticketone.mobile.app.Android) application 2.2 ...) NOT-FOR-US: TicketOne.it (aka it.ticketone.mobile.app.Android) application for Android CVE-2014-7673 - RESERVED + REJECTED CVE-2014-7672 - RESERVED + REJECTED CVE-2014-7671 (The Tekno Apsis (aka com.teknoapsis) application 2.4 for Android does ...) NOT-FOR-US: Tekno Apsis (aka com.teknoapsis) application for Android CVE-2014-7670 (The Motor Town: Machine Soul Free (aka com.alawar.motortownfree) ...) NOT-FOR-US: Motor Town: Machine Soul Free (aka com.alawar.motortownfree) application for Android CVE-2014-7669 - RESERVED + REJECTED CVE-2014-7668 (The Ads Free. Cz advert (aka cz.inzeratyzdarma.cz) application 1.4 for ...) NOT-FOR-US: Ads Free. Cz advert (aka cz.inzeratyzdarma.cz) application for Android CVE-2014-7667 (The Coca-Cola FM Honduras (aka com.enyetech.radio.coca_cola.fm_hn) ...) @@ -6830,13 +6830,13 @@ CVE-2014-7667 (The Coca-Cola FM Honduras (aka com.enyetech.radio.coca_cola.fm_hn CVE-2014-7666 (The American Waterfowler (aka com.magazinecloner.americanwaterfowler) ...) NOT-FOR-US: American Waterfowler (aka com.magazinecloner.americanwaterfowler) application for Android CVE-2014-7665 - RESERVED + REJECTED CVE-2014-7664 (The Bilingual Magic Ball Relajo (aka com.wBilingualMagicBallRelajo) ...) NOT-FOR-US: Bilingual Magic Ball Relajo (aka com.wBilingualMagicBallRelajo) application for Android CVE-2014-7663 (The Right to the Nitty Gritty (aka com.wGoNittyGritty) application 0.1 ...) NOT-FOR-US: Right to the Nitty Gritty (aka com.wGoNittyGritty) application for Android CVE-2014-7662 - RESERVED + REJECTED CVE-2014-7661 (The Masquito Blogger (aka com.wmasquito) application 0.1 for Android ...) NOT-FOR-US: Masquito Blogger (aka com.wmasquito) application for Android CVE-2014-7660 (The Gent Magazine (aka com.magzter.thegentmagazine) application 3.0 ...) @@ -6844,21 +6844,21 @@ CVE-2014-7660 (The Gent Magazine (aka com.magzter.thegentmagazine) application 3 CVE-2014-7659 (The ExpeditersOnline.com Forum (aka com.quoord.tapatalkeo.activity) ...) NOT-FOR-US: ExpeditersOnline.com Forum (aka com.quoord.tapatalkeo.activity) application for Android CVE-2014-7658 - RESERVED + REJECTED CVE-2014-7657 - RESERVED + REJECTED CVE-2014-7656 (The Indian Management (aka com.magzter.indianmanagement) application ...) NOT-FOR-US: Indian Management (aka com.magzter.indianmanagement) application for Android CVE-2014-7655 (The Dresden Transport Museum (aka de.appack.project.vmd) application ...) NOT-FOR-US: Dresden Transport Museum (aka de.appack.project.vmd) application for Android CVE-2014-7654 - RESERVED + REJECTED CVE-2014-7653 - RESERVED + REJECTED CVE-2014-7652 (The Magicam Photo Magic Editor (aka mobi.magicam.editor) application ...) NOT-FOR-US: Magicam Photo Magic Editor (aka mobi.magicam.editor) application for Android CVE-2014-7651 - RESERVED + REJECTED CVE-2014-7650 (The JJA- Juvenile Justice Act 1986 (aka com.felix.jja) application 1.0 ...) NOT-FOR-US: JJA- Juvenile Justice Act 1986 (aka com.felix.jja) application for Android CVE-2014-7649 (The Classic Car Buyer (aka com.magazinecloner.carbuyer) application ...) @@ -6870,7 +6870,7 @@ CVE-2014-7647 (The BOOKING DISCOUNT (aka com.wmygoodhotelscom) application 0.1 f CVE-2014-7646 (The EMT-Paramedic Lite (aka com.wEMTparamedicLite) application 0.1 for ...) NOT-FOR-US: EMT-Paramedic Lite (aka com.wEMTparamedicLite) application for Android CVE-2014-7645 - RESERVED + REJECTED CVE-2014-7644 (The Go MSX MLS (aka ...) NOT-FOR-US: Go MSX MLS (aka com.doapps.android.realestate.RE_16b9c09c4d5b0e174208f35e7c49f9a0) application for Android CVE-2014-7643 (The C.R. Group (aka com.c.r.group) application 1.0 for Android does ...) @@ -6878,19 +6878,19 @@ CVE-2014-7643 (The C.R. Group (aka com.c.r.group) application 1.0 for Android do CVE-2014-7642 (The Pegasus Airlines (aka com.wPegasusAirlines) application ...) NOT-FOR-US: Pegasus Airlines (aka com.wPegasusAirlines) application for Android CVE-2014-7641 - RESERVED + REJECTED CVE-2014-7640 (The Hotel Room (aka com.wHotelRoom) application 0.1 for Android does ...) NOT-FOR-US: Hotel Room (aka com.wHotelRoom) application for Android CVE-2014-7639 - RESERVED + REJECTED CVE-2014-7638 (The Fabuestereo 88.1 FM (aka com.nobexinc.wls_27892411.rc) application ...) NOT-FOR-US: Fabuestereo 88.1 FM (aka com.nobexinc.wls_27892411.rc) application for Android CVE-2014-7637 - RESERVED + REJECTED CVE-2014-7636 (The United Hawk Nation (aka com.united12thman) application 2.1 for ...) NOT-FOR-US: United Hawk Nation (aka com.united12thman) application for Android CVE-2014-7635 - RESERVED + REJECTED CVE-2014-7634 (The Adopt O Pet (aka com.wFindAPet) application 0.1 for Android does ...) NOT-FOR-US: Adopt O Pet (aka com.wFindAPet) application for Android CVE-2014-7633 (The Dino Zoo (aka com.tappocket.dinozoostar) application 1.5 for ...) @@ -6906,15 +6906,15 @@ CVE-2014-7629 (The Yulman Stadium (aka com.dub.app.tulanestadium) application 1. CVE-2014-7628 (The Acorn Comms (aka com.acorncomms.app) application 3.0 for Android ...) NOT-FOR-US: Acorn Comms (aka com.acorncomms.app) application for Android CVE-2014-7627 - RESERVED + REJECTED CVE-2014-7626 (The Atme (aka com.bedigital.atme) application 1.0.10 for Android does ...) NOT-FOR-US: Atme (aka com.bedigital.atme) application for Android CVE-2014-7625 - RESERVED + REJECTED CVE-2014-7624 (The Guess the Pixel Character Quiz (aka com.aiadp.pixelcQuiz) ...) NOT-FOR-US: Guess the Pixel Character Quiz (aka com.aiadp.pixelcQuiz) application for Android CVE-2014-7623 - RESERVED + REJECTED CVE-2014-7622 (The Affinity Mobile ATM Locator (aka ...) NOT-FOR-US: Affinity Mobile ATM Locator (aka com.collegemobile.affinity.locator) application for Android CVE-2014-7621 (The EIN Lookup (aka appinventor.ai_siwanuth.EINLookup) application 1.1 ...) @@ -6922,7 +6922,7 @@ CVE-2014-7621 (The EIN Lookup (aka appinventor.ai_siwanuth.EINLookup) applicatio CVE-2014-7620 (The Authors On Tour - Live! (aka com.appmakr.app122286) application 4 ...) NOT-FOR-US: Authors On Tour - Live! (aka com.appmakr.app122286) application for Android CVE-2014-7619 - RESERVED + REJECTED CVE-2014-7618 (The Interior Design (aka com.interior.design.mcreda) application 1.0 ...) NOT-FOR-US: Interior Design (aka com.interior.design.mcreda) application for Android CVE-2014-7617 (The www.roads365.com (aka ydx.android) application 1.0.1 for Android ...) @@ -6930,7 +6930,7 @@ CVE-2014-7617 (The www.roads365.com (aka ydx.android) application 1.0.1 for Andr CVE-2014-7616 (The Physics Forums (aka com.tapatalk.physicsforumscom) application ...) NOT-FOR-US: Physics Forums (aka com.tapatalk.physicsforumscom) application for Android CVE-2014-7615 - RESERVED + REJECTED CVE-2014-7614 (The Warrior Beach Retreat (aka com.wWarriorBeachRetreat) application ...) NOT-FOR-US: Warrior Beach Retreat (aka com.wWarriorBeachRetreat) application for Android CVE-2014-7613 (The WASPS Official Programmes (aka com.triactivemedia.wasps) ...) @@ -6958,11 +6958,11 @@ CVE-2014-7603 (The Gravey Design (aka com.dreamstep.wGraveyDesign) application . CVE-2014-7602 (The FRONT (aka com.magazinecloner.front) application @7F08017A for ...) NOT-FOR-US: FRONT (aka com.magazinecloner.front) application for Android CVE-2014-7601 - RESERVED + REJECTED CVE-2014-7600 - RESERVED + REJECTED CVE-2014-7599 - RESERVED + REJECTED CVE-2014-7598 (The Poker Puzzle (aka com.sharpiq.pokerpuzzle) application 1.0.0 for ...) NOT-FOR-US: Poker Puzzle (aka com.sharpiq.pokerpuzzle) application for Android CVE-2014-7597 (The Fabulas Infantiles (aka com.mobincube.android.sc_9I1A3) ...) @@ -6972,7 +6972,7 @@ CVE-2014-7596 (The Paramore (aka uk.co.pixelkicks.paramore) application 2.3.4 fo CVE-2014-7595 (The devada.co.uk (aka com.wdevadacouk) application 1.2 for Android ...) NOT-FOR-US: devada.co.uk (aka com.wdevadacouk) application for Android CVE-2014-7594 - RESERVED + REJECTED CVE-2014-7593 (The Mr Whippet - Yorkshire Ice (aka com.appytimes.ice) application 1.1 ...) NOT-FOR-US: Mr Whippet - Yorkshire Ice (aka com.appytimes.ice) application for Android CVE-2014-7592 (The FOL (aka com.desire2learn.fol.mobile.app.campuslife.directory) ...) @@ -6984,17 +6984,17 @@ CVE-2014-7590 (The WebPromoExperts (aka ua.com.webpromoexperts) application 1.8 CVE-2014-7589 (The Industrial and Commercial Bank of China (ICBC) Banking (aka ...) NOT-FOR-US: Industrial and Commercial Bank of China (ICBC) Banking (aka com.icbc.android) application for Android CVE-2014-7588 - RESERVED + REJECTED CVE-2014-7587 (The Blocked in Free (aka com.blueup.blocked) application 1.0 for ...) NOT-FOR-US: Blocked in Free (aka com.blueup.blocked) application for Android CVE-2014-7586 - RESERVED + REJECTED CVE-2014-7585 (The Biplane Forum (aka com.gcspublishing.biplaneforum) application ...) NOT-FOR-US: Biplane Forum (aka com.gcspublishing.biplaneforum) application for Android CVE-2014-7584 (The ACN2GO (aka com.dataparadigm.acnmobile) application 1.7 for ...) NOT-FOR-US: ACN2GO (aka com.dataparadigm.acnmobile) application for Android CVE-2014-7583 - RESERVED + REJECTED CVE-2014-7582 (The Water Lateral Sizer (aka com.wWaterLateralSizer) application 1.2 ...) NOT-FOR-US: Water Lateral Sizer (aka com.wWaterLateralSizer) application for Android CVE-2014-7581 (The Quotes of Travis Barker (aka com.celebrity_quotes.travisbarker) ...) @@ -7002,7 +7002,7 @@ CVE-2014-7581 (The Quotes of Travis Barker (aka com.celebrity_quotes.travisbarke CVE-2014-7580 (The Thailand Investor News (aka nudecreative.thaistock.set) ...) NOT-FOR-US: Thailand Investor News (aka nudecreative.thaistock.set) application for Android CVE-2014-7579 - RESERVED + REJECTED CVE-2014-7578 (The Bieber News Now (aka com.jbnews) application 12.0.5 for Android ...) NOT-FOR-US: Bieber News Now (aka com.jbnews) application for Android CVE-2014-7577 (The B&H Photo Video Pro Audio (aka com.bhphoto) application 2.5.1 for ...) @@ -7012,7 +7012,7 @@ CVE-2014-7576 (The Chien Binh Bakugan 2 LongTieng (aka ...) CVE-2014-7575 (The eBiblio Andalucia (aka com.bqreaders.reader.ebiblioandalucia) ...) NOT-FOR-US: eBiblio Andalucia (aka com.bqreaders.reader.ebiblioandalucia) application for Android CVE-2014-7574 - RESERVED + REJECTED CVE-2014-7573 (The droid Survey Offline Forms (aka com.contact.droidSURVEY) ...) NOT-FOR-US: droid Survey Offline Forms (aka com.contact.droidSURVEY) application for Android CVE-2014-7572 (The Stoner's Handbook L- Bud Guide (aka ...) @@ -7038,7 +7038,7 @@ CVE-2014-7563 (The Tactical Force LLC (aka ...) CVE-2014-7562 (The Health Advocate SmartHelp (aka com.healthadvocate.ui) application ...) NOT-FOR-US: Health Advocate SmartHelp (aka com.healthadvocate.ui) application for Android CVE-2014-7561 - RESERVED + REJECTED CVE-2014-7560 (The Fabasoft Cloud (aka com.fabasoft.android.cmis.folio_cloud) ...) NOT-FOR-US: Fabasoft Cloud (aka com.fabasoft.android.cmis.folio_cloud) application for Android CVE-2014-7559 (The InstaTalks (aka com.natrobit.instatalks) application 1.3.1 for ...) @@ -7048,7 +7048,7 @@ CVE-2014-7558 (The Everest Poker (aka com.wEverestPoker) application 0.1 for And CVE-2014-7557 (The zroadster.com (aka com.tapatalk.zroadstercomforum) application ...) NOT-FOR-US: zroadster.com (aka com.tapatalk.zroadstercomforum) application for Android CVE-2014-7556 - RESERVED + REJECTED CVE-2014-7555 (The Apparound BLEND (aka com.apparound.mobile.catalogo) application ...) NOT-FOR-US: Apparound BLEND (aka com.apparound.mobile.catalogo) application for Android CVE-2014-7554 (The Bouqs - Flowers Simplified (aka com.bouqs.activity) application ...) @@ -7062,15 +7062,15 @@ CVE-2014-7551 (The Noticias Bebes Beybies (aka com.beybies) application 1.0 for CVE-2014-7550 (The basketball news & videos (aka com.basketbal.news.caesar) ...) NOT-FOR-US: basketball news & videos (aka com.basketbal.news.caesar) application for Android CVE-2014-7549 - RESERVED + REJECTED CVE-2014-7548 - RESERVED + REJECTED CVE-2014-7547 (The Texas Poker Unlimited Hold'em (aka ...) NOT-FOR-US: Texas Poker Unlimited Hold'em (aka com.fpinternet.texaspokerunlimitedholdem) application for Android CVE-2014-7546 (The Buddhist Prayer (aka com.buddhist.prayer.mantra.sutra) application ...) NOT-FOR-US: Buddhist Prayer (aka com.buddhist.prayer.mantra.sutra) application for Android CVE-2014-7545 - RESERVED + REJECTED CVE-2014-7544 (The Secret City - Motion Comic (aka ...) NOT-FOR-US: Secret City - Motion Comic (aka me.narr8.android.serial.the_secret_city) application for Android CVE-2014-7543 (The Blood (aka com.sheridan.ash) application 2.1 for Android does not ...) @@ -7078,15 +7078,15 @@ CVE-2014-7543 (The Blood (aka com.sheridan.ash) application 2.1 for Android does CVE-2014-7542 (The l'Informatiu (aka com.linformatiu.spm) application 2.0 for Android ...) NOT-FOR-US: l'Informatiu (aka com.linformatiu.spm) application for Android CVE-2014-7541 - RESERVED + REJECTED CVE-2014-7540 - RESERVED + REJECTED CVE-2014-7539 (The Zhang Zhijun Taiwan Visit 2014-06-25 (aka com.zizizzi) application ...) NOT-FOR-US: Zhang Zhijun Taiwan Visit 2014-06-25 (aka com.zizizzi) application for Android CVE-2014-7538 (The Headlines news India (aka com.dreamstep.wHEADLINESNEWSINDIA) ...) NOT-FOR-US: Headlines news India (aka com.dreamstep.wHEADLINESNEWSINDIA) application for Android CVE-2014-7537 - RESERVED + REJECTED CVE-2014-7536 (The Service Academy Forums (aka com.tapatalk.serviceacademyforumscom) ...) NOT-FOR-US: Service Academy Forums (aka com.tapatalk.serviceacademyforumscom) application for Android CVE-2014-7535 (The Classic Racer (aka com.triactivemedia.classicracer) application ...) @@ -7098,7 +7098,7 @@ CVE-2014-7533 (The NotreDame Seguradora (aka br.com.notredame.mobile.NotreDame) CVE-2014-7532 (The GES Agri Connect (aka com.wAgriConnect) application 0.1 for ...) NOT-FOR-US: GES Agri Connect (aka com.wAgriConnect) application for Android CVE-2014-7531 - RESERVED + REJECTED CVE-2014-7530 (The PRIX IMPORT (aka com.myapphone.android.myapppriximport) ...) NOT-FOR-US: PRIX IMPORT (aka com.myapphone.android.myapppriximport) application for Android CVE-2014-7529 (The Bodyguard for Hire (aka com.dreamstep.wBodyGuardforHire) ...) @@ -7132,13 +7132,13 @@ CVE-2014-7516 (The Central East LHIN News (aka com.wCentralEastLHINNews) applica CVE-2014-7515 (The Bail Bonds (aka com.onesolutionapps.chadlewisbailbondsandroid) ...) NOT-FOR-US: Bail Bonds (aka com.onesolutionapps.chadlewisbailbondsandroid) application for Android CVE-2014-7514 - RESERVED + REJECTED CVE-2014-7513 (The Top Hangover Cures (aka com.TopHangoverCures) application 1.2 for ...) NOT-FOR-US: Top Hangover Cures (aka com.TopHangoverCures) application for Android CVE-2014-7512 - RESERVED + REJECTED CVE-2014-7511 - RESERVED + REJECTED CVE-2014-7510 (The Graffit It (aka com.presenttechnologies.graffitit) application ...) NOT-FOR-US: Graffit It (aka com.presenttechnologies.graffitit) application for Android CVE-2014-7509 (The A Very Short History of Japan (aka com.ireadercity.c51) ...) @@ -7152,15 +7152,15 @@ CVE-2014-7506 (The Realtime Music Rank (aka com.blogspot.imapp.immusicrank2) ... CVE-2014-7505 (The AppTalk (aka com.chatatami.apptalk) application 1.4.8 for Android ...) NOT-FOR-US: AppTalk (aka com.chatatami.apptalk) application for Android CVE-2014-7504 - RESERVED + REJECTED CVE-2014-7503 - RESERVED + REJECTED CVE-2014-7502 (The Escucha elDiario.es (aka es.lacabradev.escuchaeldiario) ...) NOT-FOR-US: Escucha elDiario.es (aka es.lacabradev.escuchaeldiario) application for Android CVE-2014-7501 (The Translation Widget (aka com.wTranslationGadget) application 0.1 ...) NOT-FOR-US: Translation Widget (aka com.wTranslationGadget) application for Android CVE-2014-7500 - RESERVED + REJECTED CVE-2014-7499 (The Sword (aka com.ireadercity.c25) application 3.0.2 for Android does ...) NOT-FOR-US: Sword (aka com.ireadercity.c25) application for Android CVE-2014-7498 (The Space Cinema (aka it.thespacecinema.android) application 2.0.6 for ...) @@ -7168,7 +7168,7 @@ CVE-2014-7498 (The Space Cinema (aka it.thespacecinema.android) application 2.0. CVE-2014-7497 (The Portfolium (aka com.wPortfolium) application 0.1 for Android does ...) NOT-FOR-US: Portfolium (aka com.wPortfolium) application for Android CVE-2014-7496 - RESERVED + REJECTED CVE-2014-7495 (The LogosQuest - Beginnings (aka com.wLogosQuest) application 1.0 for ...) NOT-FOR-US: LogosQuest - Beginnings (aka com.wLogosQuest) application for Android CVE-2014-7494 (The Kontan Kiosk (aka com.appsfoundry.scoopwl.id.kontankiosk) ...) @@ -7182,7 +7182,7 @@ CVE-2014-7491 (The Short Stories (aka com.ireadercity.c48) application 3.0.2 for CVE-2014-7490 (The Menaka - Marathi (aka com.magzter.menakamarathi) application 3.0 ...) NOT-FOR-US: Menaka - Marathi (aka com.magzter.menakamarathi) application for Android CVE-2014-7489 - RESERVED + REJECTED CVE-2014-7488 (The Vineyard All In (aka com.wVineyardAllIn) application 0.1 for ...) NOT-FOR-US: Vineyard All In (aka com.wVineyardAllIn) application for Android CVE-2014-7487 (The ADT Aesthetic Dentistry Today (aka ...) @@ -7196,25 +7196,25 @@ CVE-2014-7484 (The Coca-Cola FM Guatemala (aka com.enyetech.radio.coca_cola.fm_g CVE-2014-7483 (The Desire2Learn FUSION 2014 (aka com.desire2learn.fusion2012) ...) NOT-FOR-US: Desire2Learn FUSION 2014 (aka com.desire2learn.fusion2012) application for Android CVE-2014-7482 - RESERVED + REJECTED CVE-2014-7481 (The ETG Hosting (aka com.etg.web.hosting) application 2.0 for Android ...) NOT-FOR-US: ETG Hosting (aka com.etg.web.hosting) application for Android CVE-2014-7480 - RESERVED + REJECTED CVE-2014-7479 - RESERVED + REJECTED CVE-2014-7478 (The nashaplaneta.su (aka com.wNashaPlaneta) application 1.02 for ...) NOT-FOR-US: nashaplaneta.su (aka com.wNashaPlaneta) application for Android CVE-2014-7477 - RESERVED + REJECTED CVE-2014-7476 (The Healthy Lunch Diet Recipes (aka com.best.lunchdietrecipes) ...) NOT-FOR-US: Healthy Lunch Diet Recipes (aka com.best.lunchdietrecipes) application for Android CVE-2014-7475 (The Ionic View (aka com.ionic.viewapp) application 0.0.2 for Android ...) NOT-FOR-US: Ionic View (aka com.ionic.viewapp) application for Android CVE-2014-7474 - RESERVED + REJECTED CVE-2014-7473 - RESERVED + REJECTED CVE-2014-7472 (The CSApp - Colegio San Agustin (aka com.goodbarber.csapp) application ...) NOT-FOR-US: CSApp - Colegio San Agustin (aka com.goodbarber.csapp) application for Android CVE-2014-7471 (The international-arbitration-attorney.com (aka ...) @@ -7254,11 +7254,11 @@ CVE-2014-7455 (The Zoella Unofficial (aka com.automon.ay.zoella) application 1.4 CVE-2014-7454 (The Detox Juicing Diet Recipes (aka com.wDetoxJuicingDietRecipes) ...) NOT-FOR-US: Detox Juicing Diet Recipes (aka com.wDetoxJuicingDietRecipes) application for Android CVE-2014-7453 - RESERVED + REJECTED CVE-2014-7452 (The Shaklee Product Catalog (aka com.wProductCatalog) application 2.0 ...) NOT-FOR-US: Shaklee Product Catalog (aka com.wProductCatalog) application for Android CVE-2014-7451 - RESERVED + REJECTED CVE-2014-7450 (The allnurses (aka com.tapatalk.allnursescom) application 3.4.10 for ...) NOT-FOR-US: allnurses (aka com.tapatalk.allnursescom) application for Android CVE-2014-7449 (The My NGEMC Account (aka com.ngemc.smartapps) application 1.153.0034 ...) @@ -7276,15 +7276,15 @@ CVE-2014-7444 (The Baidu Navigation (aka com.baidu.navi) application 3.5.0 for . CVE-2014-7443 (The Face Fun Photo Collage Maker 2 (aka ...) NOT-FOR-US: Face Fun Photo Collage Maker 2 (aka com.kauf.facefunphotocollagemaker2) application for Android CVE-2014-7442 - RESERVED + REJECTED CVE-2014-7441 (The Pakan Ken Tube (aka com.PakanKen) application 0.1 for Android does ...) NOT-FOR-US: Pakan Ken Tube (aka com.PakanKen) application for Android CVE-2014-7440 - RESERVED + REJECTED CVE-2014-7439 (The bene+ odmeny a slevy (aka cz.gemoney.bene.android) application ...) NOT-FOR-US: bene+ odmeny a slevy (aka cz.gemoney.bene.android) application for Android CVE-2014-7438 - RESERVED + REJECTED NOT-FOR-US: pbm2l2030 printer driver CVE-2014-7437 (The Love Horoscope Guide (aka com.charl.charlylovehoroscopes) ...) NOT-FOR-US: Love Horoscope Guide (aka com.charl.charlylovehoroscopes) application for Android @@ -7303,13 +7303,13 @@ CVE-2014-7431 (The Breeze Jersey (aka com.sc.breezeje.banking) application 1.0 f CVE-2014-7430 (The Flood-It (aka com.appspot.eoltek.flood) application 4.2 for ...) NOT-FOR-US: Flood-It (aka com.appspot.eoltek.flood) application for Android CVE-2014-7429 - RESERVED + REJECTED CVE-2014-7428 (The 7725.com Three Kingdoms (aka com.platform7725.youai.jiejian) ...) NOT-FOR-US: 7725.com Three Kingdoms (aka com.platform7725.youai.jiejian) application for Android CVE-2014-7427 (The Hunting Trophy Whitetails (aka com.wHuntingTrophyWhitetails) ...) NOT-FOR-US: Hunting Trophy Whitetails (aka com.wHuntingTrophyWhitetails) application for Android CVE-2014-7426 - RESERVED + REJECTED CVE-2014-7425 (The Doodle Devil Free (aka com.joybits.doodledevil_free) application ...) NOT-FOR-US: Doodle Devil Free (aka com.joybits.doodledevil_free) application for Android CVE-2014-7424 (The Quran Abu Bakr AshShatiri Free (aka com.wQuranAbuBakrFREE) ...) @@ -7337,9 +7337,9 @@ CVE-2014-7414 (The CLEO Malaysia (aka com.magzter.cleomalaysia) application 3.01 CVE-2014-7413 (The Rajendra Suriji (aka com.rajendrasuriji.nakodabhairav.com) ...) NOT-FOR-US: Rajendra Suriji (aka com.rajendrasuriji.nakodabhairav.com) application for Android CVE-2014-7412 - RESERVED + REJECTED CVE-2014-7411 - RESERVED + REJECTED CVE-2014-7410 (The Aptallik Testi (aka com.wAptallikTesti) application 4.0 for ...) NOT-FOR-US: Aptallik Testi (aka com.wAptallikTesti) application for Android CVE-2014-7409 (The Liburan Hemat (aka com.liburan.bro) application 1.0 for Android ...) @@ -7353,11 +7353,11 @@ CVE-2014-7406 (The Deakin University (aka ...) CVE-2014-7405 (The Belaire Family Orthodontics (aka com.app_bf.layout) application ...) NOT-FOR-US: Belaire Family Orthodontics (aka com.app_bf.layout) application for Android CVE-2014-7404 - RESERVED + REJECTED CVE-2014-7403 (The NZHondas.com (aka com.tapatalk.nzhondascom) application 3.6.14 for ...) NOT-FOR-US: NZHondas.com (aka com.tapatalk.nzhondascom) application for Android CVE-2014-7400 - RESERVED + REJECTED CVE-2014-7399 (The Suzanne Glathar (aka com.app_sglathar.layout) application 1.399 ...) NOT-FOR-US: Suzanne Glathar (aka com.app_sglathar.layout) application for Android CVE-2014-7398 (The Dil Bilgisi Kurallari (aka com.buronya.dilbilgisi) application 1.0 ...) @@ -7385,17 +7385,17 @@ CVE-2014-7388 (The Sunday Indian Oriya (aka com.magzter.thesundayindianoriya) .. CVE-2014-7387 (The ACC Advocacy Action (aka com.acc.app.android.ui) application 2.0 ...) NOT-FOR-US: ACC Advocacy Action (aka com.acc.app.android.ui) application for Android CVE-2014-7386 - RESERVED + REJECTED CVE-2014-7385 (The Aperture Mobile Media (aka com.app_aperturemobilemedia.layout) ...) NOT-FOR-US: Aperture Mobile Media (aka com.app_aperturemobilemedia.layout) application for Android CVE-2014-7384 (The Joe's Lawn Service (aka com.appexpress.joeslawnservice) ...) NOT-FOR-US: Joe's Lawn Service (aka com.appexpress.joeslawnservice) application for Android CVE-2014-7383 - RESERVED + REJECTED CVE-2014-7382 (The Alternative Connection (aka com.wAlternativeConnection) ...) NOT-FOR-US: Alternative Connection (aka com.wAlternativeConnection) application for Android CVE-2014-7381 - RESERVED + REJECTED CVE-2014-7380 (The Cedar Kiosk (aka com.apps2you.cedarkiosk) application 1.1 for ...) NOT-FOR-US: Cedar Kiosk (aka com.apps2you.cedarkiosk) application for Android CVE-2014-7379 (The Kiddie Kinderschoenen (aka nl.eigenwinkelapp.kiddiekinderschoenen) ...) @@ -7403,7 +7403,7 @@ CVE-2014-7379 (The Kiddie Kinderschoenen (aka nl.eigenwinkelapp.kiddiekinderscho CVE-2014-7378 (The Jobranco (aka com.jobranco) application 1.1 for Android does not ...) NOT-FOR-US: Jobranco (aka com.jobranco) application for Android CVE-2014-7377 - RESERVED + REJECTED CVE-2014-7376 (The Facebook Profits on Steroids (aka com.wFacebookProfitsonSteroids) ...) NOT-FOR-US: Facebook Profits on Steroids (aka com.wFacebookProfitsonSteroids) application for Android CVE-2014-7375 (The Childcare (aka com.app_macchildcare.layout) application 1.399 for ...) @@ -7427,11 +7427,11 @@ CVE-2014-7367 (The TuS 1947 Radis (aka com.tus1947radis) application 1.0 for And CVE-2014-7366 (The Identity (aka com.magzter.identity) application 3.01 for Android ...) NOT-FOR-US: Identity (aka com.magzter.identity) application for Android CVE-2014-7365 - RESERVED + REJECTED CVE-2014-7364 (The Promotional Items (aka com.wPromotionalItems) application 0.1 for ...) NOT-FOR-US: Promotional Items (aka com.wPromotionalItems) application for Android CVE-2014-7363 - RESERVED + REJECTED CVE-2014-7362 (The Naranjas Con Tocados (aka com.NaranjasConTocados.com) application ...) NOT-FOR-US: Naranjas Con Tocados (aka com.NaranjasConTocados.com) application for Android CVE-2014-7361 (The Harry's Pub (aka com.emunching.harryspub) application 1.0.0 for ...) @@ -7445,9 +7445,9 @@ CVE-2014-7358 (The Vermont Powder (aka com.concursive.vermontpowder) application CVE-2014-7357 (The Grandparenting is Great (aka com.app_gig.layout) application 1.400 ...) NOT-FOR-US: Grandparenting is Great (aka com.app_gig.layout) application for Android CVE-2014-7356 - RESERVED + REJECTED CVE-2014-7355 - RESERVED + REJECTED CVE-2014-7354 (The Penumbra eMag (aka com.magzter.penumbraemag) application 3.0 for ...) NOT-FOR-US: Penumbra eMag (aka com.magzter.penumbraemag) application for Android CVE-2014-7353 (The JAZAN 24 (aka com.jazan24.Mcreda) application 1.0 for Android does ...) @@ -7457,13 +7457,13 @@ CVE-2014-7352 (The India's Anthem (aka appinventor.ai_opalfoxy83.India_Anthem) . CVE-2014-7351 (The GLOBAL MOVIE MAGAZINE (aka com.magzter.globalmoviemagazine) ...) NOT-FOR-US: GLOBAL MOVIE MAGAZINE (aka com.magzter.globalmoviemagazine) application for Android CVE-2014-7350 - RESERVED + REJECTED CVE-2014-7349 - RESERVED + REJECTED CVE-2014-7348 (The HOT CARS (aka com.magzter.hotcars) application 3.0 for Android ...) NOT-FOR-US: HOT CARS (aka com.magzter.hotcars) application for Android CVE-2014-7347 - RESERVED + REJECTED CVE-2014-7346 (The Bespoke (aka com.magzter.bespoke) application 3.0 for Android does ...) NOT-FOR-US: Bespoke (aka com.magzter.bespoke) application for Android CVE-2014-7345 (The DIYChatroom (aka com.tapatalk.diychatroomcom) application 3.4.0 ...) @@ -7471,7 +7471,7 @@ CVE-2014-7345 (The DIYChatroom (aka com.tapatalk.diychatroomcom) application 3.4 CVE-2014-7344 (The Classic Arms & Militaria (aka com.magazinecloner.classicarmsandm) ...) NOT-FOR-US: Classic Arms & Militaria (aka com.magazinecloner.classicarmsandm) application for Android CVE-2014-7343 - RESERVED + REJECTED CVE-2014-7342 (The Echo News (aka com.solo.report) 1.10 application (beta) for ...) NOT-FOR-US: Echo News (aka com.solo.report) 1.10 application for Android CVE-2014-7341 (The SAsync (aka com.sasync.sasyncmap) application 1.2.0 for Android ...) @@ -7493,7 +7493,7 @@ CVE-2014-7334 (The Where Dallas (aka com.magzter.wheredallas) application 3.0.2 CVE-2014-7333 (The Aloha Guide (aka com.aloha.guide.japnese) application 1.3 for ...) NOT-FOR-US: Aloha Guide (aka com.aloha.guide.japnese) application for Android CVE-2014-7332 - RESERVED + REJECTED CVE-2014-7331 (The TodaysSeniorsNetwork (aka com.wTodaysSeniorsNetwork) application ...) NOT-FOR-US: TodaysSeniorsNetwork (aka com.wTodaysSeniorsNetwork) application for Android CVE-2014-7330 (The XtendCU Mobile (aka com.metova.cuae.xtend) application 1.0.28 for ...) @@ -7509,19 +7509,19 @@ CVE-2014-7326 (The ETA Mobile (aka com.en2grate.etamobile) application 1.6.6 for CVE-2014-7325 (The Business Intelligence (aka com.magzter.businessintelligence) ...) NOT-FOR-US: Business Intelligence (aka com.magzter.businessintelligence) application for Android CVE-2014-7324 - RESERVED + REJECTED CVE-2014-7323 (The Dignity Dialogue (aka com.magzter.dignitydialogue) application 3.0 ...) NOT-FOR-US: Dignity Dialogue (aka com.magzter.dignitydialogue) application for Android CVE-2014-7322 - RESERVED + REJECTED CVE-2014-7321 (The Firenze map (aka com.wFirenzemap) application 0.1 for Android does ...) NOT-FOR-US: Firenze map (aka com.wFirenzemap) application for Android CVE-2014-7320 (The SHIRAKABA (aka com.SHIRAKABA) application 1.0 for Android does not ...) NOT-FOR-US: SHIRAKABA (aka com.SHIRAKABA) application for Android CVE-2014-7319 - RESERVED + REJECTED CVE-2014-7318 - RESERVED + REJECTED CVE-2014-7317 (The Aloha Bail Bonds (aka com.onesolutionapps.alohabailbondsandroid) ...) NOT-FOR-US: Aloha Bail Bonds (aka com.onesolutionapps.alohabailbondsandroid) application for Android CVE-2014-7316 (The Safe Arrival (aka com.synrevoice.safearrival) application 1.2 for ...) @@ -7533,15 +7533,15 @@ CVE-2014-7314 (The Intelligent SME (aka com.magzter.intelligentsme) application CVE-2014-7313 (The One You Fitness (aka com.app_oneyou.layout) application 1.399 for ...) NOT-FOR-US: One You Fitness (aka com.app_oneyou.layout) application for Android CVE-2014-7312 - RESERVED + REJECTED CVE-2014-7311 - RESERVED + REJECTED CVE-2014-7310 (The Ali Visual (aka com.ali.visual) application 1.0 for Android does ...) NOT-FOR-US: Ali Visual (aka com.ali.visual) application for Android CVE-2014-7309 (The Where2Stop-Cardlocks-Free (aka ...) NOT-FOR-US: Where2Stop-Cardlocks-Free (aka appinventor.ai_kidatheart99.Where2Stop_Cardlocks) application for Android CVE-2014-7308 - RESERVED + REJECTED CVE-2014-7307 (The ForoSocuellamos (aka com.forosocuellamos.tlcttbeukajwpeqreg) ...) NOT-FOR-US: ForoSocuellamos (aka com.forosocuellamos.tlcttbeukajwpeqreg) application for Android CVE-2014-7306 @@ -7691,9 +7691,9 @@ CVE-2014-7246 (The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10. NOT-FOR-US: OpenAM (SSO Server) NOTE: This is not the openam answering machine. CVE-2014-7245 - RESERVED + REJECTED CVE-2014-7244 - RESERVED + REJECTED CVE-2014-7243 (LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not ...) NOT-FOR-US: LG Routers CVE-2014-7242 @@ -7754,15 +7754,15 @@ CVE-2014-7217 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin CVE-2014-7216 (Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 ...) NOT-FOR-US: Yahoo CVE-2014-7215 - RESERVED + REJECTED CVE-2014-7214 - RESERVED + REJECTED CVE-2014-7213 - RESERVED + REJECTED CVE-2014-7212 - RESERVED + REJECTED CVE-2014-7211 - RESERVED + REJECTED CVE-2014-7210 [pdns in Debian creates too privileged MySQL user] RESERVED {DLA-492-1} @@ -7994,13 +7994,13 @@ CVE-2014-7135 (The Ayuntamiento de Coana (aka com.wInfoCoa) application 0.2 for CVE-2014-7134 (The PROF. USMAN ALI AWHEELA (aka com.wPROFUAAWHEELA) application 2.1 ...) NOT-FOR-US: PROF. USMAN ALI AWHEELA (aka com.wPROFUAAWHEELA) application for Android CVE-2014-7133 - RESERVED + REJECTED CVE-2014-7132 (The Jambatan PBB Semporna (aka com.wJAMBATANPBBSEMPORNA) application ...) NOT-FOR-US: Jambatan PBB Semporna (aka com.wJAMBATANPBBSEMPORNA) application for Android CVE-2014-7131 (The Digital Content NewFronts 2014 (aka ...) NOT-FOR-US: Digital Content NewFronts 2014 (aka com.coreapps.android.followme.newfronts2014) application for Android CVE-2014-7130 - RESERVED + REJECTED CVE-2014-7129 (The Argus Leader Print Edition (aka com.argusleader.android.prod) ...) NOT-FOR-US: Argus Leader Print Edition (aka com.argusleader.android.prod) application for Android CVE-2014-7128 (The Toyota OC (aka com.tapatalk.toyotaownersclubcomforums) application ...) @@ -8008,7 +8008,7 @@ CVE-2014-7128 (The Toyota OC (aka com.tapatalk.toyotaownersclubcomforums) applic CVE-2014-7127 (The Football Espana magazine (aka com.triactivemedia.footballespana) ...) NOT-FOR-US: Football Espana magazine (aka com.triactivemedia.footballespana) application for Android CVE-2014-7126 - RESERVED + REJECTED CVE-2014-7125 (The Motor (aka com.magzter.motorhwpublishing) application 3.0 for ...) NOT-FOR-US: Motor (aka com.magzter.motorhwpublishing) application for Android CVE-2014-7124 (The IP Alarm (aka com.cosesy.gadget.alarm) application 1.4 for Android ...) @@ -8032,15 +8032,15 @@ CVE-2014-7116 (The NRA Journal (aka ...) CVE-2014-7115 (The Letters to God - soc. network (aka com.wPismakBoguLetterstoGod) ...) NOT-FOR-US: Letters to God - soc. network (aka com.wPismakBoguLetterstoGod) application for Android CVE-2014-7114 - RESERVED + REJECTED CVE-2014-7113 (The NASA Universe Wallpapers Xeus (aka com.xeusNASA) application 1.0 ...) NOT-FOR-US: NASA Universe Wallpapers Xeus (aka com.xeusNASA) application for Android CVE-2014-7112 - RESERVED + REJECTED CVE-2014-7111 (The Android Excellence (aka an.exc.ap) application 1.4.1 for Android ...) NOT-FOR-US: Android Excellence (aka an.exc.ap) application for Android CVE-2014-7110 - RESERVED + REJECTED CVE-2014-7109 (The Nesvarnik (aka cz.dtest.nesvarnik) application 1.0 for Android ...) NOT-FOR-US: Nesvarnik (aka cz.dtest.nesvarnik) application for Android CVE-2014-7108 (The Stop Headaches and Migraines (aka com.StopHeadachesandMigraines) ...) @@ -8050,7 +8050,7 @@ CVE-2014-7107 (The Human Factor (aka com.magzter.thehumanfactor) application 3.0 CVE-2014-7106 (The Orakel-Ball (aka com.wOrakelball) application 0.2 for Android does ...) NOT-FOR-US: Orakel-Ball (aka com.wOrakelball) application for Android CVE-2014-7105 - RESERVED + REJECTED CVE-2014-7104 (The gymnoOVP (iOVP) (aka com.johtru.gymnoOVP) application 1.2 for ...) NOT-FOR-US: gymnoOVP (iOVP) (aka com.johtru.gymnoOVP) application for Android CVE-2014-7103 (The Oskarshamnsliv (aka appinventor.ai_stadslivsguiden.Oskarshamnsliv) ...) @@ -8066,13 +8066,13 @@ CVE-2014-7099 (The Woodcraft Magazine (aka com.magzter.woodcraftmagazine) applic CVE-2014-7098 (The Fylet Secure Large File Sender (aka ...) NOT-FOR-US: Fylet Secure Large File Sender (aka com.application.fyletFileSender) application for Android CVE-2014-7097 - RESERVED + REJECTED CVE-2014-7096 - RESERVED + REJECTED CVE-2014-7095 - RESERVED + REJECTED CVE-2014-7094 - RESERVED + REJECTED CVE-2014-7093 (The Superbike Magazine (aka com.triactivemedia.superbike) application ...) NOT-FOR-US: Superbike Magazine (aka com.triactivemedia.superbike) application for Android CVE-2014-7092 (The Ubooly (aka com.ubooly.ubooly) application 4.3.0 for Android does ...) @@ -8098,7 +8098,7 @@ CVE-2014-7083 (The Jiu Jik (aka com.scmp.jiujik) application 1.4.0 for Android d CVE-2014-7082 (The No Disturb (aka com.blogspot.imapp.imnodisturb) application 3.3 ...) NOT-FOR-US: No Disturb (aka com.blogspot.imapp.imnodisturb) application for Android CVE-2014-7081 - RESERVED + REJECTED CVE-2014-7080 (The Sigong ebook (aka com.sigongsa.sigonggenre) application 1.0.0 for ...) NOT-FOR-US: Sigong ebook (aka com.sigongsa.sigonggenre) application for Android CVE-2014-7079 (The Romeo and Juliet (aka jp.co.cybird.appli.android.rjs) application ...) @@ -8112,7 +8112,7 @@ CVE-2014-7076 (The Sanctuary Asia (aka com.magzter.sanctuaryasia) application 3. CVE-2014-7075 (The HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application 2.0 for ...) NOT-FOR-US: HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application for Android CVE-2014-7074 - RESERVED + REJECTED CVE-2014-7073 (The Andrew Magdy Kamal's Network (aka com.wAndSocialREWApps) ...) NOT-FOR-US: Andrew Magdy Kamal's Network (aka com.wAndSocialREWApps) application for Android CVE-2014-7072 (The Venezia map (aka com.wVeneziamap) application 0.1 for Android does ...) @@ -8158,7 +8158,7 @@ CVE-2014-7053 (The City Star ME (aka com.citystarme) application 1.0 for Android CVE-2014-7052 (The sahab-alkher.com (aka com.tapatalk.sahabalkhercomvb) application ...) NOT-FOR-US: sahab-alkher.com (aka com.tapatalk.sahabalkhercomvb) application for Android CVE-2014-7051 - RESERVED + REJECTED CVE-2014-7050 (The givenu give (aka com.givenu.give) application 1.5.3 for Android ...) NOT-FOR-US: givenu give (aka com.givenu.give) application for Android CVE-2014-7049 (The SomTodo - Task/To-do widget (aka com.somcloud.somtodo) application ...) @@ -8232,7 +8232,7 @@ CVE-2014-7016 (The Mahasna Batik (aka com.batik.mahasna) application 1.0 for And CVE-2014-7015 (The JJ Texas Hold'em Poker (aka cn.jj.poker) application 1.13.23.HD ...) NOT-FOR-US: JJ Texas Hold'em Poker (aka cn.jj.poker) application for Android CVE-2014-7014 - RESERVED + REJECTED CVE-2014-7013 (The Funny Photo Color Editor (aka com.doirdeditor.funcloreditor) ...) NOT-FOR-US: Funny Photo Color Editor (aka com.doirdeditor.funcloreditor) application for Android CVE-2014-7012 (The Coffee Inn (aka lt.lemonlabs.android.coffeeinn) application 2.0.1 ...) @@ -8562,7 +8562,7 @@ CVE-2014-6851 (The New Beginnings CFC (aka com.goodbarber.nbcfc) application 1.1 CVE-2014-6850 (The SED Account (aka com.starkville.smartapps) application 1.153.0034 ...) NOT-FOR-US: SED Account (aka com.starkville.smartapps) application for Android CVE-2014-6849 - RESERVED + REJECTED CVE-2014-6848 (The DS file (aka com.synology.DSfile) application 4.1.1 for Android ...) NOT-FOR-US: DS file (aka com.synology.DSfile) application for Android CVE-2014-6847 (The Horoscopes and Dreams (aka com.horoscopesanddreams) application ...) @@ -8638,7 +8638,7 @@ CVE-2014-6813 (The klassens (aka com.mcreda.klassens.apps) application 1.0 for . CVE-2014-6812 (The Aloha Guide (aka com.aloha.guide.english) application 1.5 for ...) NOT-FOR-US: Aloha Guide (aka com.aloha.guide.english) application for Android CVE-2014-6811 - RESERVED + REJECTED CVE-2014-6810 (The RIMS 2014 Annual Conference (aka ...) NOT-FOR-US: RIMS 2014 Annual Conference (aka com.coreapps.android.followme.rims2014) application for Android CVE-2014-6809 @@ -8972,7 +8972,7 @@ CVE-2014-6646 (The bellyhoodcom (aka com.tapatalk.bellyhoodcom) application 3.4. CVE-2014-6645 (The Batch library for Android does not verify X.509 certificates from ...) NOT-FOR-US: Batch library for Android CVE-2014-6644 - RESERVED + REJECTED CVE-2014-6643 (The FIAT Forum (aka com.tapatalk.fiatforumcom) application 3.8.41 for ...) NOT-FOR-US: FIAT Forum (aka com.tapatalk.fiatforumcom) application for Android CVE-2014-6642 (The Mark's Daily Apple Forum (aka ...) @@ -9777,17 +9777,17 @@ CVE-2014-6374 (Microsoft Internet Explorer 6 through 11 allows remote attackers CVE-2014-6373 (Microsoft Internet Explorer 10 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6372 - RESERVED + REJECTED CVE-2014-6371 - RESERVED + REJECTED CVE-2014-6370 - RESERVED + REJECTED CVE-2014-6369 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6368 (Microsoft Internet Explorer 11 allows remote attackers to bypass the ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6367 - RESERVED + REJECTED CVE-2014-6366 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6365 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...) @@ -9803,9 +9803,9 @@ CVE-2014-6361 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1 CVE-2014-6360 (Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility ...) NOT-FOR-US: Microsoft Excel CVE-2014-6359 - RESERVED + REJECTED CVE-2014-6358 - RESERVED + REJECTED CVE-2014-6357 (Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 ...) NOT-FOR-US: Microsoft Office CVE-2014-6356 (Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and ...) @@ -9845,7 +9845,7 @@ CVE-2014-6340 (Microsoft Internet Explorer 6 through 11 allows remote attackers CVE-2014-6339 (Microsoft Internet Explorer 8 and 9 allows remote attackers to bypass ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6338 - RESERVED + REJECTED CVE-2014-6337 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6336 (Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and ...) @@ -9881,7 +9881,7 @@ CVE-2014-6322 (The Windows Audio service in Microsoft Windows Vista SP2, Windows CVE-2014-6321 (Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, ...) NOT-FOR-US: Microsoft CVE-2014-6320 - RESERVED + REJECTED CVE-2014-6319 (Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, ...) NOT-FOR-US: Microsoft Exchange Server CVE-2014-6318 (The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft ...) @@ -11543,7 +11543,7 @@ CVE-2014-5535 (The Baby Get Up - Kids Care (aka air.brown.jordansa.getup) applic CVE-2014-5534 (The Princess Shopping (aka air.android.PrincessShopping) application 2 ...) NOT-FOR-US: Princess Shopping (aka air.android.PrincessShopping) application for Android CVE-2014-5533 - RESERVED + REJECTED CVE-2014-5532 (The Honolulu (aka adidas.jp.android.running.honolulu) application 2 ...) NOT-FOR-US: Honolulu (aka adidas.jp.android.running.honolulu) application for Android CVE-2014-5531 (The Abode (aka abode.webview) application 1.7 for Android does not ...) @@ -11803,7 +11803,7 @@ CVE-2014-5418 (GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firm CVE-2014-5417 (Cross-site scripting (XSS) vulnerability in Meinberg NTP Server ...) NOT-FOR-US: Meinberg NTP Server firmware on LANTIME M-Series devices CVE-2014-5416 - RESERVED + REJECTED CVE-2014-5415 (Beckhoff Embedded PC images before 2014-10-22 and Automation Device ...) NOT-FOR-US: Beckhoff Embedded PC image CVE-2014-5414 (Beckhoff Embedded PC images before 2014-10-22 and Automation Device ...) @@ -11827,11 +11827,11 @@ CVE-2014-5406 (The Hospira LifeCare PCA Infusion System before 7.0 does not vali CVE-2014-5405 (Hospira MedNet before 6.1 uses a hardcoded cleartext password to ...) NOT-FOR-US: Hospira MedNet CVE-2014-5404 - RESERVED + REJECTED CVE-2014-5403 (Hospira MedNet before 6.1 uses hardcoded cryptographic keys for ...) NOT-FOR-US: Hospira MedNet CVE-2014-5402 - RESERVED + REJECTED CVE-2014-5401 RESERVED CVE-2014-5400 (The installation component in Hospira MedNet before 6.1 places ...) @@ -11949,7 +11949,7 @@ CVE-2014-5369 (Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryp NOTE: and http://sourceforge.net/p/enigmail/bugs/294/ NOTE: fixed in 1.7.1 and 1.8.0 upstream (not yet released) CVE-2014-5367 - RESERVED + REJECTED CVE-2014-5366 RESERVED CVE-2014-5365 @@ -12350,25 +12350,25 @@ CVE-2014-5232 (The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS al CVE-2014-5231 (The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows ...) NOT-FOR-US: Siemens SIMATIC WinCC Sm@rtClient CVE-2014-5230 - RESERVED + REJECTED CVE-2014-5229 - RESERVED + REJECTED CVE-2014-5228 - RESERVED + REJECTED CVE-2014-5227 - RESERVED + REJECTED CVE-2014-5226 - RESERVED + REJECTED CVE-2014-5225 - RESERVED + REJECTED CVE-2014-5224 - RESERVED + REJECTED CVE-2014-5223 - RESERVED + REJECTED CVE-2014-5222 - RESERVED + REJECTED CVE-2014-5221 - RESERVED + REJECTED CVE-2014-5220 RESERVED CVE-2014-5219 @@ -13081,15 +13081,15 @@ CVE-2014-4954 (Cross-site scripting (XSS) vulnerability in the ...) [squeeze] - phpmyadmin <not-affected> (libraries/structure.lib.php not present) [wheezy] - phpmyadmin <not-affected> (libraries/structure.lib.php not present) CVE-2014-4953 - RESERVED + REJECTED CVE-2014-4952 - RESERVED + REJECTED CVE-2014-4951 - RESERVED + REJECTED CVE-2014-4950 - RESERVED + REJECTED CVE-2014-4949 - RESERVED + REJECTED CVE-2014-4948 (Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and ...) NOT-FOR-US: Citrix XenServer CVE-2014-4947 (Buffer overflow in the HVM graphics console support in Citrix ...) @@ -13613,7 +13613,7 @@ CVE-2014-4717 (Multiple cross-site request forgery (CSRF) vulnerabilities in the CVE-2014-4716 (Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR ...) NOT-FOR-US: Thomson TWG87OUIR CVE-2014-4714 - RESERVED + REJECTED CVE-2014-4713 RESERVED CVE-2014-4712 @@ -14201,7 +14201,7 @@ CVE-2014-4492 (libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, CVE-2014-4491 (The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X ...) NOT-FOR-US: Apple CVE-2014-4490 - RESERVED + REJECTED CVE-2014-4489 (IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and ...) NOT-FOR-US: Apple CVE-2014-4488 (IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and ...) @@ -14217,7 +14217,7 @@ CVE-2014-4484 (FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, CVE-2014-4483 (Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X ...) NOT-FOR-US: Apple CVE-2014-4482 - RESERVED + REJECTED CVE-2014-4481 (Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X ...) NOT-FOR-US: Apple CVE-2014-4480 (Directory traversal vulnerability in afc in AppleFileConduit in Apple ...) @@ -14225,7 +14225,7 @@ CVE-2014-4480 (Directory traversal vulnerability in afc in AppleFileConduit in A CVE-2014-4479 (WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, ...) NOT-FOR-US: Apple CVE-2014-4478 - RESERVED + REJECTED CVE-2014-4477 (WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, ...) NOT-FOR-US: Apple CVE-2014-4476 (WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, ...) @@ -14253,7 +14253,7 @@ CVE-2014-4466 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, a CVE-2014-4465 (WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-4464 - RESERVED + REJECTED CVE-2014-4463 (Apple iOS before 8.1.1 allows physically proximate attackers to bypass ...) NOT-FOR-US: Apple CVE-2014-4462 (WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, ...) @@ -14269,11 +14269,11 @@ CVE-2014-4458 (The "System Profiler About This Mac" component in Apple CVE-2014-4457 (The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not ...) NOT-FOR-US: Apple CVE-2014-4456 - RESERVED + REJECTED CVE-2014-4455 (dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not ...) NOT-FOR-US: Apple CVE-2014-4454 - RESERVED + REJECTED CVE-2014-4453 (Apple iOS before 8.1.1 and OS X before 10.10.1 include location data ...) NOT-FOR-US: Apple CVE-2014-4452 (WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, ...) @@ -14291,7 +14291,7 @@ CVE-2014-4447 (Profile Manager in Apple OS X Server before 4.0 allows local user CVE-2014-4446 (Mail Service in Apple OS X Server before 4.0 does not enforce SACL ...) NOT-FOR-US: Apple OS X CVE-2014-4445 - RESERVED + REJECTED CVE-2014-4444 (SecurityAgent in Apple OS X before 10.10 does not ensure that a ...) NOT-FOR-US: Apple OS X CVE-2014-4443 (Apple OS X before 10.10 allows remote attackers to cause a denial of ...) @@ -14323,7 +14323,7 @@ CVE-2014-4431 (Dock in Apple OS X before 10.10 does not properly manage the ...) CVE-2014-4430 (CoreStorage in Apple OS X before 10.10 retains a volume's encryption ...) NOT-FOR-US: Apple OS X CVE-2014-4429 - RESERVED + REJECTED CVE-2014-4428 (Bluetooth in Apple OS X before 10.10 does not require encryption for ...) NOT-FOR-US: Apple OS X CVE-2014-4427 (App Sandbox in Apple OS X before 10.10 allows attackers to bypass a ...) @@ -14397,7 +14397,7 @@ CVE-2014-4394 (An unspecified integrated graphics driver routine in the Intel .. CVE-2014-4393 (Buffer overflow in the shader compiler in the Intel Graphics Driver ...) NOT-FOR-US: Apple Mac OS X CVE-2014-4392 - RESERVED + REJECTED CVE-2014-4391 (The Code Signing feature in Apple OS X before 10.10 does not properly ...) NOT-FOR-US: Apple Mac OS X CVE-2014-4390 (Bluetooth in Apple OS X before 10.9.5 does not properly validate API ...) @@ -14407,17 +14407,17 @@ CVE-2014-4389 (Integer overflow in IOKit in Apple iOS before 8 and Apple TV befo CVE-2014-4388 (IOKit in Apple iOS before 8 and Apple TV before 7 does not properly ...) NOT-FOR-US: Apple CVE-2014-4387 - RESERVED + REJECTED CVE-2014-4386 (Race condition in the App Installation feature in Apple iOS before 8 ...) NOT-FOR-US: Apple CVE-2014-4385 - RESERVED + REJECTED CVE-2014-4384 (Directory traversal vulnerability in the App Installation feature in ...) NOT-FOR-US: Apple CVE-2014-4383 (The Assets subsystem in Apple iOS before 8 and Apple TV before 7 ...) NOT-FOR-US: Apple CVE-2014-4382 - RESERVED + REJECTED CVE-2014-4381 (Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper ...) NOT-FOR-US: Apple CVE-2014-4380 (The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV ...) @@ -14441,7 +14441,7 @@ CVE-2014-4372 (syslogd in the syslog subsystem in Apple iOS before 8 and Apple T CVE-2014-4371 (The network-statistics interface in the kernel in Apple iOS before 8 ...) NOT-FOR-US: Apple CVE-2014-4370 - RESERVED + REJECTED CVE-2014-4369 (The IOAcceleratorFamily API implementation in Apple iOS before 8 and ...) NOT-FOR-US: Apple CVE-2014-4368 (The Accessibility subsystem in Apple iOS before 8 allows attackers to ...) @@ -14451,7 +14451,7 @@ CVE-2014-4367 (Apple iOS before 8 enables Voice Dial during all upgrade actions, CVE-2014-4366 (Mail in Apple iOS before 8 does not prevent sending a LOGIN command to ...) NOT-FOR-US: Apple CVE-2014-4365 - RESERVED + REJECTED CVE-2014-4364 (The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does ...) NOT-FOR-US: Apple CVE-2014-4363 (Safari in Apple iOS before 8 does not properly restrict the ...) @@ -14461,17 +14461,17 @@ CVE-2014-4362 (The Sandbox Profiles implementation in Apple iOS before 8 does no CVE-2014-4361 (The Home & Lock Screen subsystem in Apple iOS before 8 does not ...) NOT-FOR-US: Apple CVE-2014-4360 - RESERVED + REJECTED CVE-2014-4359 - RESERVED + REJECTED CVE-2014-4358 - RESERVED + REJECTED CVE-2014-4357 (Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows ...) NOT-FOR-US: Apple CVE-2014-4356 (Apple iOS before 8 does not follow the intended configuration setting ...) NOT-FOR-US: Apple CVE-2014-4355 - RESERVED + REJECTED CVE-2014-4354 (Apple iOS before 8 enables Bluetooth during all upgrade actions, which ...) NOT-FOR-US: Apple CVE-2014-4353 (Race condition in iMessage in Apple iOS before 8 allows attackers to ...) @@ -14657,9 +14657,9 @@ CVE-2014-4276 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote CVE-2014-4275 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...) NOT-FOR-US: Oracle Sun Solaris 11 CVE-2014-4273 - RESERVED + REJECTED CVE-2014-4272 - RESERVED + REJECTED CVE-2014-4271 (Unspecified vulnerability in the Hyperion Essbase component in Oracle ...) NOT-FOR-US: Oracle CVE-2014-4270 (Unspecified vulnerability in the Hyperion Common Admin component in ...) @@ -14999,31 +14999,31 @@ CVE-2014-4149 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4. CVE-2014-4148 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...) NOT-FOR-US: Microsoft CVE-2014-4147 - RESERVED + REJECTED CVE-2014-4146 - RESERVED + REJECTED CVE-2014-4145 RESERVED CVE-2014-4144 - RESERVED + REJECTED CVE-2014-4143 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4142 - RESERVED + REJECTED CVE-2014-4141 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2014-4140 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2014-4139 - RESERVED + REJECTED CVE-2014-4138 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) NOT-FOR-US: Microsoft CVE-2014-4137 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...) NOT-FOR-US: Microsoft CVE-2014-4136 - RESERVED + REJECTED CVE-2014-4135 - RESERVED + REJECTED CVE-2014-4134 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2014-4133 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...) @@ -15031,7 +15031,7 @@ CVE-2014-4133 (Microsoft Internet Explorer 6 and 7 allows remote attackers to ex CVE-2014-4132 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4131 - RESERVED + REJECTED CVE-2014-4130 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4129 (Microsoft Internet Explorer 8 allows remote attackers to execute ...) @@ -15043,7 +15043,7 @@ CVE-2014-4127 (Microsoft Internet Explorer 6 through 10 allows remote attackers CVE-2014-4126 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4125 - RESERVED + REJECTED CVE-2014-4124 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4123 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...) @@ -15053,9 +15053,9 @@ CVE-2014-4122 (Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR . CVE-2014-4121 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 ...) NOT-FOR-US: Microsoft CVE-2014-4120 - RESERVED + REJECTED CVE-2014-4119 - RESERVED + REJECTED CVE-2014-4118 (XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 ...) NOT-FOR-US: Microsoft CVE-2014-4117 (Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, ...) @@ -15155,7 +15155,7 @@ CVE-2014-4071 (The Server in Microsoft Lync Server 2013 allows remote attackers CVE-2014-4070 (Cross-site scripting (XSS) vulnerability in the Web Components Server ...) NOT-FOR-US: Microsoft Lync Server CVE-2014-4069 - RESERVED + REJECTED CVE-2014-4068 (The Response Group Service in Microsoft Lync Server 2010 and 2013 and ...) NOT-FOR-US: Microsoft Lync Server CVE-2014-4067 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...) @@ -15185,9 +15185,9 @@ CVE-2014-4056 (Microsoft Internet Explorer 7 through 10 allows remote attackers CVE-2014-4055 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4054 - RESERVED + REJECTED CVE-2014-4053 - RESERVED + REJECTED CVE-2014-4052 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4051 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...) @@ -15861,9 +15861,9 @@ CVE-2014-3797 (Cross-site scripting (XSS) vulnerability in VMware vCenter Server CVE-2014-3796 (VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) ...) NOT-FOR-US: VMware NSX and vCNS CVE-2014-3795 - RESERVED + REJECTED CVE-2014-3794 - RESERVED + REJECTED CVE-2014-3793 (VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player ...) NOT-FOR-US: VMware CVE-2014-3792 (Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 ...) @@ -17180,7 +17180,7 @@ CVE-2014-3437 (The management console in Symantec Endpoint Protection Manager (S CVE-2014-3436 (Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP ...) NOT-FOR-US: Symantec CVE-2014-3435 - RESERVED + REJECTED CVE-2014-3434 (Buffer overflow in the sysplant driver in Symantec Endpoint Protection ...) NOT-FOR-US: Symantec CVE-2014-3433 (Cross-site scripting (XSS) vulnerability in the management console in ...) @@ -17297,7 +17297,7 @@ CVE-2014-3373 (Multiple cross-site scripting (XSS) vulnerabilities in the CCM Di CVE-2014-3372 (Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-3371 - RESERVED + REJECTED CVE-2014-3370 (Cisco TelePresence Video Communication Server (VCS) and Expressway ...) NOT-FOR-US: Cisco TelePresence CVE-2014-3369 (The SIP IX implementation in Cisco TelePresence Video Communication ...) @@ -17371,7 +17371,7 @@ CVE-2014-3336 (SQL injection vulnerability in the web framework in Cisco Unity . CVE-2014-3335 (Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly ...) NOT-FOR-US: Cisco CVE-2014-3334 - RESERVED + REJECTED CVE-2014-3333 (The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote ...) NOT-FOR-US: Cisco CVE-2014-3332 (Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an ...) @@ -17968,7 +17968,7 @@ CVE-2014-3142 CVE-2014-3141 RESERVED CVE-2014-3140 - RESERVED + REJECTED CVE-2014-3139 (recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 ...) NOT-FOR-US: Unitrends Enterprise Backup CVE-2014-3138 (SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 ...) @@ -18271,7 +18271,7 @@ CVE-2014-3005 [zabbix: local file inclusion via XXE] CVE-2014-3004 (The default configuration for the Xerces SAX Parser in Castor before ...) NOT-FOR-US: Castor CVE-2014-3003 - RESERVED + REJECTED CVE-2014-3002 RESERVED CVE-2014-3001 (The device file system (aka devfs) in FreeBSD 10.0 before p2 does not ...) @@ -18423,9 +18423,9 @@ CVE-2014-2947 (Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi CVE-2014-2946 (Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in ...) NOT-FOR-US: Huawei device CVE-2014-2945 - RESERVED + REJECTED CVE-2014-2944 - RESERVED + REJECTED CVE-2014-2943 REJECTED CVE-2014-2942 (Cobham Aviator 700D and 700E satellite terminals use an improper ...) @@ -18744,7 +18744,7 @@ CVE-2014-2814 (Microsoft Service Bus 1.1 on Microsoft Windows Server 2008 R2 SP1 CVE-2014-2813 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2812 - RESERVED + REJECTED CVE-2014-2811 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2810 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) @@ -18758,7 +18758,7 @@ CVE-2014-2807 (Microsoft Internet Explorer 6 through 11 allows remote attackers CVE-2014-2806 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2805 - RESERVED + REJECTED CVE-2014-2804 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2803 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...) @@ -18782,7 +18782,7 @@ CVE-2014-2795 (Microsoft Internet Explorer 8 through 11 allows remote attackers CVE-2014-2794 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2793 - RESERVED + REJECTED CVE-2014-2792 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2791 (Microsoft Internet Explorer 9 allows remote attackers to execute ...) @@ -18844,7 +18844,7 @@ CVE-2014-2764 (Microsoft Internet Explorer 10 and 11 allows remote attackers to CVE-2014-2763 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2762 - RESERVED + REJECTED CVE-2014-2761 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2760 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) @@ -19656,7 +19656,7 @@ CVE-2014-2464 (Unspecified vulnerability in the Oracle Agile PLM Framework compo CVE-2014-2463 (Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) ...) NOT-FOR-US: Oracle Secure Global Desktop (SGD) CVE-2014-2462 - RESERVED + REJECTED CVE-2014-2461 (Unspecified vulnerability in the Oracle Transportation Management ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-2460 (Unspecified vulnerability in the Oracle Transportation Management ...) @@ -19962,7 +19962,7 @@ CVE-2014-2346 (COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 throug CVE-2014-2345 (COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through ...) NOT-FOR-US: COPA-DATA CVE-2014-2344 - RESERVED + REJECTED CVE-2014-2343 (Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows ...) NOT-FOR-US: Triangle MicroWorks SCADA CVE-2014-2342 (Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote ...) @@ -20276,7 +20276,7 @@ CVE-2014-2217 (Absolute path traversal vulnerability in the RadAsyncUpload contr CVE-2014-2216 (The FortiManager protocol service in Fortinet FortiOS before 4.3.16 ...) NOT-FOR-US: Fortinet FortiOS CVE-2014-2215 - RESERVED + REJECTED CVE-2014-2210 (Multiple directory traversal vulnerabilities in CA ERwin Web Portal ...) NOT-FOR-US: Erwin Web Portal CVE-2014-2209 (Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop ...) @@ -20318,7 +20318,7 @@ CVE-2014-2191 (Cross-site scripting (XSS) vulnerability in the web framework in CVE-2014-2190 (Cross-site request forgery (CSRF) vulnerability in the web framework ...) NOT-FOR-US: Cisco CVE-2014-2189 - RESERVED + REJECTED CVE-2014-2188 REJECTED CVE-2014-2187 @@ -20396,9 +20396,9 @@ CVE-2014-2152 (Cross-site request forgery (CSRF) vulnerability in the INSERT pag CVE-2014-2151 (The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2014-2150 - RESERVED + REJECTED CVE-2014-2149 - RESERVED + REJECTED CVE-2014-2148 RESERVED CVE-2014-2147 (The web interface in Cisco Prime Infrastructure 2.1 and earlier does ...) @@ -20850,7 +20850,7 @@ CVE-2014-1983 (Unspecified vulnerability in Cybozu Remote Service Manager throug CVE-2014-1982 (The administrative interface in Allied Telesis AT-RG634A ADSL ...) NOT-FOR-US: Allied Telesis AT-RG634A ADSL Broadband router CVE-2014-1981 - RESERVED + REJECTED CVE-2014-1980 (Cross-site scripting (XSS) vulnerability in ...) - piwigo <removed> (low) [squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts) @@ -21350,15 +21350,15 @@ CVE-2014-1827 (The iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi . CVE-2014-1826 (Cross-site scripting (XSS) vulnerability in the iThoughtsHD app 4.19 ...) NOT-FOR-US: iOS iThoughtsHD app CVE-2014-1825 - RESERVED + REJECTED CVE-2014-1824 (Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 ...) NOT-FOR-US: Microsoft Windows CVE-2014-1823 (Cross-site scripting (XSS) vulnerability in the Web Components Server ...) NOT-FOR-US: Microsoft Lync Server CVE-2014-1822 - RESERVED + REJECTED CVE-2014-1821 - RESERVED + REJECTED CVE-2014-1820 (Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) ...) NOT-FOR-US: Microsoft CVE-2014-1819 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...) @@ -21380,7 +21380,7 @@ CVE-2014-1812 (The Group Policy implementation in Microsoft Windows Vista SP2, . CVE-2014-1811 (The TCP implementation in Microsoft Windows Vista SP2, Windows Server ...) NOT-FOR-US: Microsoft Windows CVE-2014-1810 - RESERVED + REJECTED CVE-2014-1809 (The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, ...) NOT-FOR-US: Microsoft CVE-2014-1808 (Microsoft Office 2013 Gold, SP1, RT, and RT SP1 allows remote ...) @@ -21398,13 +21398,13 @@ CVE-2014-1803 (Microsoft Internet Explorer 6 through 11 allows remote attackers CVE-2014-1802 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-1801 - RESERVED + REJECTED CVE-2014-1800 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-1799 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-1798 - RESERVED + REJECTED CVE-2014-1797 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-1796 (Microsoft Internet Explorer 6 and 8 through 11 allows remote attackers ...) @@ -21414,7 +21414,7 @@ CVE-2014-1795 (Microsoft Internet Explorer 9 through 11 allows remote attackers CVE-2014-1794 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-1793 - RESERVED + REJECTED CVE-2014-1792 (Microsoft Internet Explorer 8 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-1791 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...) @@ -21426,7 +21426,7 @@ CVE-2014-1789 (Microsoft Internet Explorer 10 allows remote attackers to execute CVE-2014-1788 (Microsoft Internet Explorer 9 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-1787 - RESERVED + REJECTED CVE-2014-1786 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-1785 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) @@ -21464,7 +21464,7 @@ CVE-2014-1770 (Use-after-free vulnerability in Microsoft Internet Explorer 6 thr CVE-2014-1769 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-1768 - RESERVED + REJECTED CVE-2014-1767 (Double free vulnerability in the Ancillary Function Driver (AFD) in ...) NOT-FOR-US: Microsoft Windows CVE-2014-1766 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) @@ -21829,25 +21829,25 @@ CVE-2014-1665 CVE-2014-1663 (Unspecified vulnerability in Citrix XenMobile Device Manager server ...) NOT-FOR-US: Citrix XenMobile Device Manager server CVE-2014-1662 - RESERVED + REJECTED CVE-2014-1661 - RESERVED + REJECTED CVE-2014-1660 - RESERVED + REJECTED CVE-2014-1659 - RESERVED + REJECTED CVE-2014-1658 - RESERVED + REJECTED CVE-2014-1657 - RESERVED + REJECTED CVE-2014-1656 - RESERVED + REJECTED CVE-2014-1655 - RESERVED + REJECTED CVE-2014-1654 - RESERVED + REJECTED CVE-2014-1653 - RESERVED + REJECTED CVE-2014-1652 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...) NOT-FOR-US: Symantec Web Gateway CVE-2014-1651 (SQL injection vulnerability in clientreport.php in the management ...) @@ -21961,7 +21961,7 @@ CVE-2014-1598 CVE-2014-1597 (SQL injection vulnerability in the CMDB web application in synetics ...) NOT-FOR-US: i-doit CVE-2014-1596 - RESERVED + REJECTED CVE-2014-1595 (Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and ...) - iceweasel <not-affected> (Specific to MacOS X) - icedove <not-affected> (Specific to MacOS X) @@ -22042,7 +22042,7 @@ CVE-2014-1580 (Mozilla Firefox before 33.0 does not properly initialize memory f [squeeze] - iceweasel <end-of-life> [squeeze] - icedove <end-of-life> CVE-2014-1579 - RESERVED + REJECTED CVE-2014-1578 (The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x ...) {DSA-3061-1 DSA-3050-1} - iceweasel 31.2.0esr-1 @@ -22379,7 +22379,7 @@ CVE-2014-1522 (The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in - iceweasel <not-affected> (Only affects Firefox 28) - icedove <not-affected> (Only affects Firefox 28) CVE-2014-1521 - RESERVED + REJECTED CVE-2014-1520 (maintenservice_installer.exe in the Maintenance Service Installer in ...) - iceweasel <not-affected> (Windows-specific) CVE-2014-1519 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) @@ -22677,23 +22677,23 @@ CVE-2014-1440 CVE-2014-1439 (The libxml_disable_entity_loader function in ...) NOT-FOR-US: HipHop Virtual Machine for PHP CVE-2014-1437 - RESERVED + REJECTED CVE-2014-1436 - RESERVED + REJECTED CVE-2014-1435 - RESERVED + REJECTED CVE-2014-1434 - RESERVED + REJECTED CVE-2014-1433 - RESERVED + REJECTED CVE-2014-1432 - RESERVED + REJECTED CVE-2014-1431 - RESERVED + REJECTED CVE-2014-1430 - RESERVED + REJECTED CVE-2014-1429 - RESERVED + REJECTED CVE-2014-1428 RESERVED CVE-2014-1427 @@ -22839,7 +22839,7 @@ CVE-2014-1376 (Intel Compute in Apple OS X before 10.9.4 does not properly restr CVE-2014-1375 (Intel Graphics Driver in Apple OS X before 10.9.4 allows local users ...) NOT-FOR-US: Apple OS X Intel Graphics Driver CVE-2014-1374 - RESERVED + REJECTED CVE-2014-1373 (Intel Graphics Driver in Apple OS X before 10.9.4 does not properly ...) NOT-FOR-US: Apple OS X Intel Graphics Driver CVE-2014-1372 (Graphics Driver in Apple OS X before 10.9.4 does not properly restrict ...) @@ -22923,7 +22923,7 @@ CVE-2014-1334 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4 CVE-2014-1333 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1332 - RESERVED + REJECTED CVE-2014-1331 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1330 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...) @@ -22931,7 +22931,7 @@ CVE-2014-1330 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4 CVE-2014-1329 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1328 - RESERVED + REJECTED CVE-2014-1327 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1326 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...) @@ -22975,7 +22975,7 @@ CVE-2014-1308 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3 CVE-2014-1307 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1306 - RESERVED + REJECTED CVE-2014-1305 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1304 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...) @@ -23011,7 +23011,7 @@ CVE-2014-1290 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, CVE-2014-1289 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1288 - RESERVED + REJECTED CVE-2014-1287 (USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows ...) NOT-FOR-US: Apple CVE-2014-1286 (SpringBoard Lock Screen in Apple iOS before 7.1 allows remote ...) @@ -23021,7 +23021,7 @@ CVE-2014-1285 (Springboard in Apple iOS before 7.1 allows physically proximate . CVE-2014-1284 REJECTED CVE-2014-1283 - RESERVED + REJECTED CVE-2014-1282 (The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 ...) NOT-FOR-US: Apple CVE-2014-1281 (Photos Backend in Apple iOS before 7.1 does not properly manage the ...) @@ -23672,13 +23672,13 @@ CVE-2014-0791 (Integer overflow in the license_read_scope_list function in ...) CVE-2014-0789 (Multiple buffer overflows in the OPC Automation 2.0 Server Object ...) NOT-FOR-US: OPC Automation 2.0 Server CVE-2014-0788 - RESERVED + REJECTED CVE-2014-0787 (Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 ...) NOT-FOR-US: WellinTech KingSCADA CVE-2014-0786 (Ecava IntegraXor before 4.1.4393 allows remote attackers to read ...) NOT-FOR-US: Ecava IntegraXor CVE-2014-0785 - RESERVED + REJECTED CVE-2014-0784 (Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 ...) NOT-FOR-US: Yokogawa CENTUM CS 3000 CVE-2014-0783 (Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 ...) @@ -23698,7 +23698,7 @@ CVE-2014-0777 (The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and CVE-2014-0776 RESERVED CVE-2014-0775 - RESERVED + REJECTED CVE-2014-0774 (Stack-based buffer overflow in the C++ sample client in Schneider ...) NOT-FOR-US: Schneider Electric OPC Factory Server CVE-2014-0773 (The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX ...) @@ -23736,7 +23736,7 @@ CVE-2014-0758 (An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.0 CVE-2014-0757 (Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 ...) NOT-FOR-US: Smart Software Solutions (3S) CoDeSys Runtime Toolkit CVE-2014-0756 - RESERVED + REJECTED CVE-2014-0755 (Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not ...) NOT-FOR-US: Rockwell Automation RSLogix CVE-2014-0754 (Directory traversal vulnerability in SchneiderWEB on Schneider ...) @@ -23761,7 +23761,7 @@ CVE-2014-0746 (The disaster recovery system (DRS) in Cisco Unified Contact Cente CVE-2014-0745 (Cross-site request forgery (CSRF) vulnerability in the Unified ...) NOT-FOR-US: Cisco Unified Contact Center Express CVE-2014-0744 - RESERVED + REJECTED CVE-2014-0743 (The Certificate Authority Proxy Function (CAPF) component in Cisco ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-0742 (The Certificate Authority Proxy Function (CAPF) CLI implementation in ...) @@ -24094,7 +24094,7 @@ CVE-2014-0581 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ... CVE-2014-0580 (Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0579 - RESERVED + REJECTED CVE-2014-0578 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0577 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...) @@ -24102,7 +24102,7 @@ CVE-2014-0577 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ... CVE-2014-0576 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0575 - RESERVED + REJECTED CVE-2014-0574 (Double free vulnerability in Adobe Flash Player before 13.0.0.252 and ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0573 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 ...) @@ -24192,7 +24192,7 @@ CVE-2014-0532 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player be CVE-2014-0531 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...) NOT-FOR-US: Adobe Flash CVE-2014-0530 - RESERVED + REJECTED CVE-2014-0529 (Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.10 and ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2014-0528 (Double free vulnerability in Adobe Reader and Acrobat 10.x before ...) @@ -24534,7 +24534,7 @@ CVE-2014-0410 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows - openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-0409 - RESERVED + REJECTED CVE-2014-0408 (Unspecified vulnerability in Oracle Java SE 7u45, when running on OS ...) - openjdk-6 <not-affected> (Specific to MacOS X) - openjdk-7 <not-affected> (Specific to MacOS X) @@ -24758,7 +24758,7 @@ CVE-2014-0322 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and CVE-2014-0321 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0320 - RESERVED + REJECTED CVE-2014-0319 (Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer ...) NOT-FOR-US: Microsoft CVE-2014-0318 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...) @@ -24816,7 +24816,7 @@ CVE-2014-0293 (Microsoft Internet Explorer 9 through 11 allows remote attackers CVE-2014-0292 REJECTED CVE-2014-0291 - RESERVED + REJECTED CVE-2014-0290 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0289 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) @@ -24868,9 +24868,9 @@ CVE-2014-0267 (Microsoft Internet Explorer 11 allows remote attackers to execute CVE-2014-0266 (The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft ...) NOT-FOR-US: Microsoft CVE-2014-0265 - RESERVED + REJECTED CVE-2014-0264 - RESERVED + REJECTED CVE-2014-0263 (The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server ...) NOT-FOR-US: Microsoft Windows CVE-2014-0262 (win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and ...) @@ -24894,7 +24894,7 @@ CVE-2014-0254 (The IPv6 implementation in Microsoft Windows 8, Windows Server 20 CVE-2014-0253 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and ...) NOT-FOR-US: Microsoft .NET Framework CVE-2014-0252 - RESERVED + REJECTED CVE-2014-0251 (Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 ...) NOT-FOR-US: Microsoft SharePoint CVE-2014-0250 (Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP ...) @@ -25454,7 +25454,7 @@ CVE-2014-0110 (Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote .. CVE-2014-0109 (Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote ...) NOT-FOR-US: Apache CXF CVE-2014-0108 - RESERVED + REJECTED CVE-2014-0107 (The TransformerFactory in Apache Xalan-Java before 2.7.2 does not ...) {DSA-2886-1} - libxalan2-java 2.7.1-9 (bug #742577) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 437c066ee6..b77a0608f9 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -494,25 +494,25 @@ CVE-2015-8914 (The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 [jessie] - neutron <no-dsa> (Minor issue) NOTE: https://bugs.launchpad.net/bugs/1502933 CVE-2015-8913 - RESERVED + REJECTED CVE-2015-8912 - RESERVED + REJECTED CVE-2015-8911 - RESERVED + REJECTED CVE-2015-8910 - RESERVED + REJECTED CVE-2015-8909 - RESERVED + REJECTED CVE-2015-8908 - RESERVED + REJECTED CVE-2015-8907 - RESERVED + REJECTED CVE-2015-8906 - RESERVED + REJECTED CVE-2015-8905 - RESERVED + REJECTED CVE-2015-8904 - RESERVED + REJECTED CVE-2015-1000013 (Remote file upload vulnerability in wordpress plugin csv2wpec-coupon ...) NOT-FOR-US: WordPress plugin csv2wpec-coupon CVE-2015-1000012 (Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin ...) @@ -874,17 +874,17 @@ CVE-2015-8831 (Cross-site scripting (XSS) vulnerability in admin/comments.php in NOTE: Fixed upstream in 2.8.2 NOTE: http://www.openwall.com/lists/oss-security/2016/03/05/4 CVE-2015-8829 - RESERVED + REJECTED CVE-2015-8828 - RESERVED + REJECTED CVE-2015-8827 - RESERVED + REJECTED CVE-2015-8826 - RESERVED + REJECTED CVE-2015-8825 - RESERVED + REJECTED CVE-2015-8824 - RESERVED + REJECTED CVE-2015-8823 (Use-after-free vulnerability in the TextField object implementation in ...) NOT-FOR-US: Adobe Flash Player CVE-2015-8822 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...) @@ -988,7 +988,7 @@ CVE-2015-8808 (The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/1 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e8fa353f53 CVE-2015-8802 - RESERVED + REJECTED CVE-2015-8801 (Race condition in the client in Symantec Endpoint Protection (SEP) ...) NOT-FOR-US: Symantec CVE-2015-8800 (Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x ...) @@ -1217,7 +1217,7 @@ CVE-2015-8754 (The Mollom module 6.x-2.7 before 6.x-2.15 for Drupal allows remot CVE-2015-8753 (SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization ...) NOT-FOR-US: SAP Afaria CVE-2015-8752 - RESERVED + REJECTED CVE-2015-8767 (net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not ...) {DSA-3448-1 DLA-412-1} - linux 4.3.1-1 @@ -1641,7 +1641,7 @@ CVE-2015-8676 (Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI CVE-2015-8675 (Huawei S5300 Campus Series switches with software before ...) NOT-FOR-US: Huawei CVE-2015-8674 - RESERVED + REJECTED CVE-2015-8673 (Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing ...) NOT-FOR-US: Huawei CVE-2015-8672 (The presentation transmission permission management mechanism in Huawei ...) @@ -1714,7 +1714,7 @@ CVE-2015-8639 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0. CVE-2015-8638 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 ...) NOT-FOR-US: Adobe Flash CVE-2015-8637 - RESERVED + REJECTED CVE-2015-8636 (Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before ...) NOT-FOR-US: Adobe Flash CVE-2015-8635 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 ...) @@ -1998,11 +1998,11 @@ CVE-2015-8578 (AVG Internet Security 2015 allocates memory with Read, Write, Exe CVE-2015-8577 (The Buffer Overflow Protection (BOP) feature in McAfee VirusScan ...) NOT-FOR-US: McAfee CVE-2015-8576 - RESERVED + REJECTED CVE-2015-8574 - RESERVED + REJECTED CVE-2015-8573 - RESERVED + REJECTED CVE-2015-XXXX [XSA-166: ioreq handling possibly susceptible to multiple read issue] - xen 4.8.0~rc3-1 [jessie] - xen 4.4.1-9+deb8u4 @@ -2243,9 +2243,9 @@ CVE-2015-8538 [a out of bound read bug is found in libdwarf] NOTE: http://www.openwall.com/lists/oss-security/2015/12/09/2 NOTE: http://sourceforge.net/p/libdwarf/code/ci/da724a0bc5eec8e9ec0b0cb0c238a80e34466459/ CVE-2015-8533 - RESERVED + REJECTED CVE-2015-8532 - RESERVED + REJECTED CVE-2015-8531 (Cross-site scripting (XSS) vulnerability in IBM Security Access ...) NOT-FOR-US: IBM CVE-2015-8530 (Stack-based buffer overflow in the Initialize function in an ActiveX ...) @@ -2253,13 +2253,13 @@ CVE-2015-8530 (Stack-based buffer overflow in the Initialize function in an Acti CVE-2015-8529 RESERVED CVE-2015-8528 - RESERVED + REJECTED CVE-2015-8527 - RESERVED + REJECTED CVE-2015-8526 - RESERVED + REJECTED CVE-2015-8525 - RESERVED + REJECTED CVE-2015-8524 (Cross-site scripting (XSS) vulnerability in Process Portal in IBM ...) NOT-FOR-US: IBM CVE-2015-8523 (The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before ...) @@ -2275,15 +2275,15 @@ CVE-2015-8519 (Buffer overflow in the server in IBM Tivoli Storage Manager FastB CVE-2015-8518 RESERVED CVE-2015-8517 - RESERVED + REJECTED CVE-2015-8516 - RESERVED + REJECTED CVE-2015-8515 - RESERVED + REJECTED CVE-2015-8514 - RESERVED + REJECTED CVE-2015-8513 - RESERVED + REJECTED CVE-2015-8512 (The lockscreen feature in Mozilla Firefox OS before 2.5 does not ...) NOT-FOR-US: Firefox OS CVE-2015-8511 (Race condition in the lockscreen feature in Mozilla Firefox OS before ...) @@ -2303,31 +2303,31 @@ CVE-2015-8505 (mediaserver in Android before 5.1.1 LMY48Z allows remote attacker CVE-2015-8503 RESERVED CVE-2015-8502 - RESERVED + REJECTED CVE-2015-8501 - RESERVED + REJECTED CVE-2015-8500 - RESERVED + REJECTED CVE-2015-8499 - RESERVED + REJECTED CVE-2015-8498 - RESERVED + REJECTED CVE-2015-8497 - RESERVED + REJECTED CVE-2015-8496 - RESERVED + REJECTED CVE-2015-8495 - RESERVED + REJECTED CVE-2015-8494 - RESERVED + REJECTED CVE-2015-8493 - RESERVED + REJECTED CVE-2015-8492 - RESERVED + REJECTED CVE-2015-8491 - RESERVED + REJECTED CVE-2015-8490 - RESERVED + REJECTED CVE-2015-8489 (customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote ...) NOT-FOR-US: Cybozu Office CVE-2015-8488 (Cybozu Office 10.3.0 allows remote attackers to read image files via a ...) @@ -2945,21 +2945,21 @@ CVE-2015-8299 CVE-2015-8298 RESERVED CVE-2015-8297 - RESERVED + REJECTED CVE-2015-8296 - RESERVED + REJECTED CVE-2015-8295 - RESERVED + REJECTED CVE-2015-8294 - RESERVED + REJECTED CVE-2015-8293 - RESERVED + REJECTED CVE-2015-8292 - RESERVED + REJECTED CVE-2015-8291 - RESERVED + REJECTED CVE-2015-8290 - RESERVED + REJECTED CVE-2015-8289 (The password-recovery feature on NETGEAR D3600 devices with firmware ...) NOT-FOR-US: Netgear routers CVE-2015-8288 (NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with ...) @@ -3062,7 +3062,7 @@ CVE-2015-8250 CVE-2015-8249 RESERVED CVE-2015-8248 - RESERVED + REJECTED CVE-2015-8247 (Cross-site scripting (XSS) vulnerability in synnefoclient in Synnefo ...) NOT-FOR-US: Synnefo CVE-2015-8246 @@ -3197,75 +3197,75 @@ CVE-2015-8212 (CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 . NOTE: http://www.eterna.com.au/bozohttpd/CHANGES NOTE: http://www.eterna.com.au/bozohttpd/bozohttpd-20160415.tar.bz2 CVE-2015-8211 - RESERVED + REJECTED CVE-2015-8210 - RESERVED + REJECTED CVE-2015-8209 - RESERVED + REJECTED CVE-2015-8208 - RESERVED + REJECTED CVE-2015-8207 - RESERVED + REJECTED CVE-2015-8206 - RESERVED + REJECTED CVE-2015-8205 - RESERVED + REJECTED CVE-2015-8204 - RESERVED + REJECTED CVE-2015-8203 - RESERVED + REJECTED CVE-2015-8202 - RESERVED + REJECTED CVE-2015-8201 - RESERVED + REJECTED CVE-2015-8200 - RESERVED + REJECTED CVE-2015-8199 - RESERVED + REJECTED CVE-2015-8198 - RESERVED + REJECTED CVE-2015-8197 - RESERVED + REJECTED CVE-2015-8196 - RESERVED + REJECTED CVE-2015-8195 - RESERVED + REJECTED CVE-2015-8194 - RESERVED + REJECTED CVE-2015-8193 - RESERVED + REJECTED CVE-2015-8192 - RESERVED + REJECTED CVE-2015-8191 - RESERVED + REJECTED CVE-2015-8190 - RESERVED + REJECTED CVE-2015-8189 - RESERVED + REJECTED CVE-2015-8188 - RESERVED + REJECTED CVE-2015-8187 - RESERVED + REJECTED CVE-2015-8186 - RESERVED + REJECTED CVE-2015-8185 - RESERVED + REJECTED CVE-2015-8184 - RESERVED + REJECTED CVE-2015-8183 - RESERVED + REJECTED CVE-2015-8182 - RESERVED + REJECTED CVE-2015-8181 - RESERVED + REJECTED CVE-2015-8180 - RESERVED + REJECTED CVE-2015-8179 - RESERVED + REJECTED CVE-2015-8178 - RESERVED + REJECTED CVE-2015-8177 - RESERVED + REJECTED CVE-2015-8175 RESERVED CVE-2015-8174 @@ -3310,7 +3310,7 @@ CVE-2015-8157 (SQL injection vulnerability in the Management Server in Symantec CVE-2015-8156 (Unquoted Windows search path vulnerability in EEDService in Symantec ...) NOT-FOR-US: Symantec CVE-2015-8155 - RESERVED + REJECTED CVE-2015-8154 (The SysPlant.sys driver in the Application and Device Control (ADC) ...) NOT-FOR-US: Symantec CVE-2015-8153 (SQL injection vulnerability in Symantec Endpoint Protection Manager ...) @@ -3498,7 +3498,7 @@ CVE-2015-8093 CVE-2015-8092 RESERVED CVE-2015-8091 - RESERVED + REJECTED CVE-2015-8090 (The Web Server component in TIBCO LogLogic Unity before 1.1.1 allows ...) NOT-FOR-US: TIBCO CVE-2015-8104 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x ...) @@ -4512,7 +4512,7 @@ CVE-2015-7781 CVE-2015-7780 RESERVED CVE-2015-7779 - RESERVED + REJECTED CVE-2015-7778 RESERVED CVE-2015-7777 (Cross-site scripting (XSS) vulnerability in index.php in JosephErnest ...) @@ -4570,7 +4570,7 @@ CVE-2015-7760 (libxpc in launchd in Apple OS X before 10.11 does not restrict th CVE-2015-7759 (BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM ...) NOT-FOR-US: BIG-IP CVE-2015-7757 - RESERVED + REJECTED CVE-2015-7756 (The encryption implementation in Juniper ScreenOS 6.2.0r15 through ...) NOT-FOR-US: Juniper ScreenOS CVE-2015-7755 (Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, ...) @@ -5021,31 +5021,31 @@ CVE-2015-7597 CVE-2015-7596 RESERVED CVE-2015-7595 - RESERVED + REJECTED CVE-2015-7594 - RESERVED + REJECTED CVE-2015-7593 - RESERVED + REJECTED CVE-2015-7592 - RESERVED + REJECTED CVE-2015-7591 - RESERVED + REJECTED CVE-2015-7590 - RESERVED + REJECTED CVE-2015-7589 - RESERVED + REJECTED CVE-2015-7588 - RESERVED + REJECTED CVE-2015-7587 - RESERVED + REJECTED CVE-2015-7586 - RESERVED + REJECTED CVE-2015-7585 - RESERVED + REJECTED CVE-2015-7584 - RESERVED + REJECTED CVE-2015-7583 - RESERVED + REJECTED CVE-2015-7582 RESERVED CVE-2015-7581 (actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in ...) @@ -5116,9 +5116,9 @@ CVE-2015-7575 (Mozilla Network Security Services (NSS) before 3.20.2, as used in NOTE: http://www.openwall.com/lists/oss-security/2015/05/05/8 NOTE: http://www.mitls.org/pages/attacks/SLOTH CVE-2015-7574 - RESERVED + REJECTED CVE-2015-7573 - RESERVED + REJECTED CVE-2015-7572 REJECTED NOT-FOR-US: Yeager CMS @@ -5286,17 +5286,17 @@ CVE-2015-7537 (Cross-site request forgery (CSRF) vulnerability in Jenkins before CVE-2015-7536 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and ...) - jenkins <removed> CVE-2015-7535 - RESERVED + REJECTED CVE-2015-7534 - RESERVED + REJECTED CVE-2015-7533 - RESERVED + REJECTED CVE-2015-7532 - RESERVED + REJECTED CVE-2015-7531 - RESERVED + REJECTED CVE-2015-7530 - RESERVED + REJECTED CVE-2015-7529 [Usage of predictable temporary files allows privilege escalation] RESERVED - sosreport 3.2+git276-g7da50d6-3 (unimportant) @@ -5307,15 +5307,15 @@ CVE-2015-7528 (Kubernetes before 1.2.0-alpha.5 allows remote attackers to read . CVE-2015-7527 (lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows ...) NOT-FOR-US: WordPress plugin cool-video-gallery CVE-2015-7526 - RESERVED + REJECTED CVE-2015-7525 - RESERVED + REJECTED CVE-2015-7524 - RESERVED + REJECTED CVE-2015-7523 - RESERVED + REJECTED CVE-2015-7522 - RESERVED + REJECTED CVE-2015-7521 (The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, ...) NOT-FOR-US: Apache Hive CVE-2015-7520 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...) @@ -6118,7 +6118,7 @@ CVE-2015-7210 (Use-after-free vulnerability in Mozilla Firefox before 43.0 and . [squeeze] - iceweasel <end-of-life> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-138/ CVE-2015-7209 - RESERVED + REJECTED CVE-2015-7208 (Mozilla Firefox before 43.0 stores cookies containing vertical tab ...) - iceweasel 44.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 43.x) @@ -6130,7 +6130,7 @@ CVE-2015-7207 (Mozilla Firefox before 43.0 does not properly restrict the ...) - iceweasel <not-affected> (ESR38 series not affected) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-136/ CVE-2015-7206 - RESERVED + REJECTED CVE-2015-7205 (Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in ...) {DSA-3432-1 DSA-3422-1} - iceweasel 38.5.0esr-1 @@ -6313,115 +6313,115 @@ CVE-2015-7174 (The nsAttrAndChildArray::GrowBy function in Mozilla Firefox befor [squeeze] - iceweasel <end-of-life> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/ CVE-2015-7173 - RESERVED + REJECTED CVE-2015-7172 - RESERVED + REJECTED CVE-2015-7171 - RESERVED + REJECTED CVE-2015-7170 - RESERVED + REJECTED CVE-2015-7169 - RESERVED + REJECTED CVE-2015-7168 - RESERVED + REJECTED CVE-2015-7167 - RESERVED + REJECTED CVE-2015-7166 - RESERVED + REJECTED CVE-2015-7165 - RESERVED + REJECTED CVE-2015-7164 - RESERVED + REJECTED CVE-2015-7163 - RESERVED + REJECTED CVE-2015-7162 - RESERVED + REJECTED CVE-2015-7161 - RESERVED + REJECTED CVE-2015-7160 - RESERVED + REJECTED CVE-2015-7159 - RESERVED + REJECTED CVE-2015-7158 - RESERVED + REJECTED CVE-2015-7157 - RESERVED + REJECTED CVE-2015-7156 - RESERVED + REJECTED CVE-2015-7155 - RESERVED + REJECTED CVE-2015-7154 - RESERVED + REJECTED CVE-2015-7153 - RESERVED + REJECTED CVE-2015-7152 - RESERVED + REJECTED CVE-2015-7151 - RESERVED + REJECTED CVE-2015-7150 - RESERVED + REJECTED CVE-2015-7149 - RESERVED + REJECTED CVE-2015-7148 - RESERVED + REJECTED CVE-2015-7147 - RESERVED + REJECTED CVE-2015-7146 - RESERVED + REJECTED CVE-2015-7145 - RESERVED + REJECTED CVE-2015-7144 - RESERVED + REJECTED CVE-2015-7143 - RESERVED + REJECTED CVE-2015-7142 - RESERVED + REJECTED CVE-2015-7141 - RESERVED + REJECTED CVE-2015-7140 - RESERVED + REJECTED CVE-2015-7139 - RESERVED + REJECTED CVE-2015-7138 - RESERVED + REJECTED CVE-2015-7137 - RESERVED + REJECTED CVE-2015-7136 - RESERVED + REJECTED CVE-2015-7135 - RESERVED + REJECTED CVE-2015-7134 - RESERVED + REJECTED CVE-2015-7133 - RESERVED + REJECTED CVE-2015-7132 - RESERVED + REJECTED CVE-2015-7131 - RESERVED + REJECTED CVE-2015-7130 - RESERVED + REJECTED CVE-2015-7129 - RESERVED + REJECTED CVE-2015-7128 - RESERVED + REJECTED CVE-2015-7127 - RESERVED + REJECTED CVE-2015-7126 - RESERVED + REJECTED CVE-2015-7125 - RESERVED + REJECTED CVE-2015-7124 - RESERVED + REJECTED CVE-2015-7123 - RESERVED + REJECTED CVE-2015-7122 - RESERVED + REJECTED CVE-2015-7121 - RESERVED + REJECTED CVE-2015-7120 - RESERVED + REJECTED CVE-2015-7119 - RESERVED + REJECTED CVE-2015-7118 RESERVED CVE-2015-7117 (Apple QuickTime before 7.7.9 allows remote attackers to execute ...) @@ -6431,7 +6431,7 @@ CVE-2015-7116 (libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS be CVE-2015-7115 (libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before ...) - libxml2 <undetermined> CVE-2015-7114 - RESERVED + REJECTED CVE-2015-7113 (The LaunchServices component in Apple iOS before 9.2 and watchOS ...) NOT-FOR-US: Apple CVE-2015-7112 (The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS ...) @@ -6603,13 +6603,13 @@ CVE-2015-7030 (The Swift implementation in Apple Xcode before 7.1 mishandles typ CVE-2015-7029 (Apple AirPort Base Station Firmware before 7.6.7 and 7.7.x before ...) NOT-FOR-US: Apple CVE-2015-7028 - RESERVED + REJECTED CVE-2015-7027 - RESERVED + REJECTED CVE-2015-7026 - RESERVED + REJECTED CVE-2015-7025 - RESERVED + REJECTED CVE-2015-7024 (Untrusted search path vulnerability in Apple OS X before 10.11.1 ...) NOT-FOR-US: Apple CVE-2015-7023 (CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not ...) @@ -6663,7 +6663,7 @@ CVE-2015-7000 (Notification Center in Apple iOS before 9.1 mishandles changes to CVE-2015-6999 (The OCSP client in Apple iOS before 9.1 does not check for certificate ...) NOT-FOR-US: Apple CVE-2015-6998 - RESERVED + REJECTED CVE-2015-6997 (The X.509 certificate-trust implementation in Apple iOS before 9.1 ...) NOT-FOR-US: Apple CVE-2015-6996 (IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and ...) @@ -6733,7 +6733,7 @@ CVE-2015-6965 (Multiple cross-site request forgery (CSRF) vulnerabilities in the CVE-2015-6964 RESERVED CVE-2015-6963 - RESERVED + REJECTED CVE-2015-6962 (SQL injection vulnerability in the web application in Farol allows ...) NOT-FOR-US: Farol CVE-2015-7236 (Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in ...) @@ -6810,7 +6810,7 @@ CVE-2015-6939 (Cross-site scripting (XSS) vulnerability in the login module in . CVE-2015-6936 RESERVED CVE-2015-6935 - RESERVED + REJECTED CVE-2015-6934 (Serialized-object interfaces in VMware vRealize Orchestrator 6.x, ...) NOT-FOR-US: VMware CVE-2015-6933 (The VMware Tools HGFS (aka Shared Folders) implementation in VMware ...) @@ -6877,89 +6877,89 @@ CVE-2015-6909 (Cross-site scripting (XSS) vulnerability in the "Create down CVE-2015-6907 RESERVED CVE-2015-6906 - RESERVED + REJECTED CVE-2015-6905 - RESERVED + REJECTED CVE-2015-6904 - RESERVED + REJECTED CVE-2015-6903 - RESERVED + REJECTED CVE-2015-6902 - RESERVED + REJECTED CVE-2015-6901 - RESERVED + REJECTED CVE-2015-6900 - RESERVED + REJECTED CVE-2015-6899 - RESERVED + REJECTED CVE-2015-6898 - RESERVED + REJECTED CVE-2015-6897 - RESERVED + REJECTED CVE-2015-6896 - RESERVED + REJECTED CVE-2015-6895 - RESERVED + REJECTED CVE-2015-6894 - RESERVED + REJECTED CVE-2015-6893 - RESERVED + REJECTED CVE-2015-6892 - RESERVED + REJECTED CVE-2015-6891 - RESERVED + REJECTED CVE-2015-6890 - RESERVED + REJECTED CVE-2015-6889 - RESERVED + REJECTED CVE-2015-6888 - RESERVED + REJECTED CVE-2015-6887 - RESERVED + REJECTED CVE-2015-6886 - RESERVED + REJECTED CVE-2015-6885 - RESERVED + REJECTED CVE-2015-6884 - RESERVED + REJECTED CVE-2015-6883 - RESERVED + REJECTED CVE-2015-6882 - RESERVED + REJECTED CVE-2015-6881 - RESERVED + REJECTED CVE-2015-6880 - RESERVED + REJECTED CVE-2015-6879 - RESERVED + REJECTED CVE-2015-6878 - RESERVED + REJECTED CVE-2015-6877 - RESERVED + REJECTED CVE-2015-6876 - RESERVED + REJECTED CVE-2015-6875 - RESERVED + REJECTED CVE-2015-6874 - RESERVED + REJECTED CVE-2015-6873 - RESERVED + REJECTED CVE-2015-6872 - RESERVED + REJECTED CVE-2015-6871 - RESERVED + REJECTED CVE-2015-6870 - RESERVED + REJECTED CVE-2015-6869 - RESERVED + REJECTED CVE-2015-6868 - RESERVED + REJECTED CVE-2015-6867 (The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not ...) NOT-FOR-US: HP Vertica CVE-2015-6866 - RESERVED + REJECTED CVE-2015-6865 - RESERVED + REJECTED CVE-2015-6864 (HPE ArcSight Logger before 6.1P1 allows remote authenticated users to ...) NOT-FOR-US: HPE ArcSight Logger CVE-2015-6863 (HPE ArcSight Logger before 6.1P1 allows remote attackers to execute ...) @@ -7660,15 +7660,15 @@ CVE-2015-6654 (The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4. [squeeze] - xen <not-affected> (Xen on arm not yet supported) NOTE: http://xenbits.xen.org/xsa/advisory-141.html CVE-2015-6653 - RESERVED + REJECTED CVE-2015-6652 - RESERVED + REJECTED CVE-2015-6651 - RESERVED + REJECTED CVE-2015-6650 - RESERVED + REJECTED CVE-2015-6649 - RESERVED + REJECTED CVE-2015-6648 RESERVED CVE-2015-6647 (The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 ...) @@ -8151,41 +8151,41 @@ CVE-2015-6455 CVE-2015-6454 (Everest PeakHMI before 8.7.0.2, when the video server is used, allows ...) NOT-FOR-US: PeakHMI CVE-2015-6453 - RESERVED + REJECTED CVE-2015-6452 - RESERVED + REJECTED CVE-2015-6451 - RESERVED + REJECTED CVE-2015-6450 - RESERVED + REJECTED CVE-2015-6449 - RESERVED + REJECTED CVE-2015-6448 - RESERVED + REJECTED CVE-2015-6447 - RESERVED + REJECTED CVE-2015-6446 - RESERVED + REJECTED CVE-2015-6445 - RESERVED + REJECTED CVE-2015-6444 - RESERVED + REJECTED CVE-2015-6443 - RESERVED + REJECTED CVE-2015-6442 - RESERVED + REJECTED CVE-2015-6441 - RESERVED + REJECTED CVE-2015-6440 - RESERVED + REJECTED CVE-2015-6439 - RESERVED + REJECTED CVE-2015-6438 - RESERVED + REJECTED CVE-2015-6437 - RESERVED + REJECTED CVE-2015-6436 - RESERVED + REJECTED CVE-2015-6435 (An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower ...) NOT-FOR-US: Cisco CVE-2015-6434 (Cisco Prime Infrastructure does not properly restrict use of IFRAME ...) @@ -8379,15 +8379,15 @@ CVE-2015-6344 (The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX . CVE-2015-6343 (The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border ...) NOT-FOR-US: Cisco CVE-2015-6342 - RESERVED + REJECTED CVE-2015-6341 (The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices ...) NOT-FOR-US: Cisco CVE-2015-6340 (The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on ...) NOT-FOR-US: Cisco CVE-2015-6339 - RESERVED + REJECTED CVE-2015-6338 - RESERVED + REJECTED CVE-2015-6337 (Cross-site scripting (XSS) vulnerability in Cisco Application Policy ...) NOT-FOR-US: Cisco CVE-2015-6336 (Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), ...) @@ -8497,7 +8497,7 @@ CVE-2015-6285 (Format string vulnerability in Cisco Email Security Appliance (ES CVE-2015-6284 (Buffer overflow in the Conference Control Protocol API implementation ...) NOT-FOR-US: Cisco TelePresence Server CVE-2015-6283 - RESERVED + REJECTED CVE-2015-6282 (Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS ...) NOT-FOR-US: Cisco IOS CVE-2015-6281 @@ -8580,123 +8580,123 @@ CVE-2015-6238 (Multiple cross-site scripting (XSS) vulnerabilities in the Google CVE-2015-6237 RESERVED CVE-2015-6236 - RESERVED + REJECTED CVE-2015-6235 - RESERVED + REJECTED CVE-2015-6234 - RESERVED + REJECTED CVE-2015-6233 - RESERVED + REJECTED CVE-2015-6232 - RESERVED + REJECTED CVE-2015-6231 - RESERVED + REJECTED CVE-2015-6230 - RESERVED + REJECTED CVE-2015-6229 - RESERVED + REJECTED CVE-2015-6228 - RESERVED + REJECTED CVE-2015-6227 - RESERVED + REJECTED CVE-2015-6226 - RESERVED + REJECTED CVE-2015-6225 - RESERVED + REJECTED CVE-2015-6224 - RESERVED + REJECTED CVE-2015-6223 - RESERVED + REJECTED CVE-2015-6222 - RESERVED + REJECTED CVE-2015-6221 - RESERVED + REJECTED CVE-2015-6220 - RESERVED + REJECTED CVE-2015-6219 - RESERVED + REJECTED CVE-2015-6218 - RESERVED + REJECTED CVE-2015-6217 - RESERVED + REJECTED CVE-2015-6216 - RESERVED + REJECTED CVE-2015-6215 - RESERVED + REJECTED CVE-2015-6214 - RESERVED + REJECTED CVE-2015-6213 - RESERVED + REJECTED CVE-2015-6212 - RESERVED + REJECTED CVE-2015-6211 - RESERVED + REJECTED CVE-2015-6210 - RESERVED + REJECTED CVE-2015-6209 - RESERVED + REJECTED CVE-2015-6208 - RESERVED + REJECTED CVE-2015-6207 - RESERVED + REJECTED CVE-2015-6206 - RESERVED + REJECTED CVE-2015-6205 - RESERVED + REJECTED CVE-2015-6204 - RESERVED + REJECTED CVE-2015-6203 - RESERVED + REJECTED CVE-2015-6202 - RESERVED + REJECTED CVE-2015-6201 - RESERVED + REJECTED CVE-2015-6200 - RESERVED + REJECTED CVE-2015-6199 - RESERVED + REJECTED CVE-2015-6198 - RESERVED + REJECTED CVE-2015-6197 - RESERVED + REJECTED CVE-2015-6196 - RESERVED + REJECTED CVE-2015-6195 - RESERVED + REJECTED CVE-2015-6194 - RESERVED + REJECTED CVE-2015-6193 - RESERVED + REJECTED CVE-2015-6192 - RESERVED + REJECTED CVE-2015-6191 - RESERVED + REJECTED CVE-2015-6190 - RESERVED + REJECTED CVE-2015-6189 - RESERVED + REJECTED CVE-2015-6188 - RESERVED + REJECTED CVE-2015-6187 - RESERVED + REJECTED CVE-2015-6186 - RESERVED + REJECTED CVE-2015-6185 - RESERVED + REJECTED CVE-2015-6184 (The CAttrArray object implementation in Microsoft Internet Explorer 7 ...) NOT-FOR-US: Microsoft CVE-2015-6183 - RESERVED + REJECTED CVE-2015-6182 - RESERVED + REJECTED CVE-2015-6181 - RESERVED + REJECTED CVE-2015-6180 - RESERVED + REJECTED CVE-2015-6179 - RESERVED + REJECTED CVE-2015-6178 - RESERVED + REJECTED CVE-2015-6177 (Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, and Excel ...) NOT-FOR-US: Microsoft CVE-2015-6176 (Microsoft Edge mishandles HTML attributes in HTTP responses, which ...) @@ -8718,7 +8718,7 @@ CVE-2015-6169 (Microsoft Edge misparses HTTP responses, which allows remote atta CVE-2015-6168 (Microsoft Edge allows remote attackers to execute arbitrary code or ...) NOT-FOR-US: Microsoft CVE-2015-6167 - RESERVED + REJECTED CVE-2015-6166 (Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2015-6165 (Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to ...) @@ -8726,7 +8726,7 @@ CVE-2015-6165 (Microsoft Silverlight 5 before 5.1.41105.00 allows remote attacke CVE-2015-6164 (Microsoft Internet Explorer 9 through 11 improperly implements a ...) NOT-FOR-US: Microsoft CVE-2015-6163 - RESERVED + REJECTED CVE-2015-6162 (Microsoft Internet Explorer 10 allows remote attackers to execute ...) NOT-FOR-US: Microsoft CVE-2015-6161 (Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow ...) @@ -8778,7 +8778,7 @@ CVE-2015-6139 (Microsoft Internet Explorer 11 and Microsoft Edge mishandle conte CVE-2015-6138 (Microsoft Internet Explorer 8 through 11 mishandles HTML attributes in ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-6137 - RESERVED + REJECTED CVE-2015-6136 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 ...) NOT-FOR-US: Microsof CVE-2015-6135 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 ...) @@ -8794,7 +8794,7 @@ CVE-2015-6131 (Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP CVE-2015-6130 (Integer underflow in Uniscribe in Microsoft Windows 7 SP1 and Windows ...) NOT-FOR-US: Microsof CVE-2015-6129 - RESERVED + REJECTED CVE-2015-6128 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and ...) NOT-FOR-US: Microsoft Windows CVE-2015-6127 (Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, ...) @@ -8810,17 +8810,17 @@ CVE-2015-6123 (Cross-site scripting (XSS) vulnerability in Microsoft Excel for M CVE-2015-6122 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Office ...) NOT-FOR-US: Microsoft CVE-2015-6121 - RESERVED + REJECTED CVE-2015-6120 - RESERVED + REJECTED CVE-2015-6119 - RESERVED + REJECTED CVE-2015-6118 (Microsoft Office 2007 SP3 and Office 2010 SP2 allow remote attackers ...) NOT-FOR-US: Microsoft Office CVE-2015-6117 (Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 ...) NOT-FOR-US: Microsoft CVE-2015-6116 - RESERVED + REJECTED CVE-2015-6115 (Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 allows remote ...) NOT-FOR-US: Microsoft .NET Framework CVE-2015-6114 (Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to ...) @@ -8832,7 +8832,7 @@ CVE-2015-6112 (SChannel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 CVE-2015-6111 (IPSec in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold ...) NOT-FOR-US: Microsoft Windows CVE-2015-6110 - RESERVED + REJECTED CVE-2015-6109 (The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows ...) NOT-FOR-US: Microsoft Windows CVE-2015-6108 (The Windows font library in Microsoft Windows Vista SP2; Windows ...) @@ -8842,7 +8842,7 @@ CVE-2015-6107 (The Windows font library in Microsoft Windows Vista SP2, Windows CVE-2015-6106 (The Windows font library in Microsoft Windows Vista SP2, Windows ...) NOT-FOR-US: Microsoft Windows CVE-2015-6105 - RESERVED + REJECTED CVE-2015-6104 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows ...) NOT-FOR-US: Microsoft Windows CVE-2015-6103 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows ...) @@ -8872,7 +8872,7 @@ CVE-2015-6092 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 201 CVE-2015-6091 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...) NOT-FOR-US: Microsoft CVE-2015-6090 - RESERVED + REJECTED CVE-2015-6089 (The Microsoft (1) VBScript and (2) JScript engines, as used in ...) NOT-FOR-US: Microsoft CVE-2015-6088 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...) @@ -8918,7 +8918,7 @@ CVE-2015-6069 (Microsoft Internet Explorer 8 through 11 allows remote attackers CVE-2015-6068 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) NOT-FOR-US: Microsoft CVE-2015-6067 - RESERVED + REJECTED CVE-2015-6066 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2015-6065 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) @@ -8926,13 +8926,13 @@ CVE-2015-6065 (Microsoft Internet Explorer 9 through 11 allows remote attackers CVE-2015-6064 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote ...) NOT-FOR-US: Microsoft CVE-2015-6063 - RESERVED + REJECTED CVE-2015-6062 - RESERVED + REJECTED CVE-2015-6061 (Cross-site scripting (XSS) vulnerability in Microsoft Skype for ...) NOT-FOR-US: Microsoft CVE-2015-6060 - RESERVED + REJECTED CVE-2015-6059 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 ...) NOT-FOR-US: Microsoft CVE-2015-6058 (Microsoft Edge mishandles HTML attributes in HTTP responses, which ...) @@ -8944,7 +8944,7 @@ CVE-2015-6056 (The (1) JScript and (2) VBScript engines in Microsoft Internet .. CVE-2015-6055 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 ...) NOT-FOR-US: Microsoft CVE-2015-6054 - RESERVED + REJECTED CVE-2015-6053 (Microsoft Internet Explorer 11 allows remote attackers to obtain ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-6052 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 ...) @@ -8966,11 +8966,11 @@ CVE-2015-6045 (Use-after-free vulnerability in the CElement object implementatio CVE-2015-6044 (Microsoft Internet Explorer 8 allows remote attackers to gain ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-6043 - RESERVED + REJECTED CVE-2015-6042 (Use-after-free vulnerability in the CWindow object implementation in ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-6041 - RESERVED + REJECTED CVE-2015-6040 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Excel ...) NOT-FOR-US: Microsoft CVE-2015-6039 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...) @@ -9146,35 +9146,35 @@ CVE-2015-6496 (conntrackd in conntrack-tools 1.4.2 and earlier does not ensure t NOTE: http://bugzilla.netfilter.org/show_bug.cgi?id=910 NOTE: https://git.netfilter.org/conntrack-tools/commit/?id=c392c159605956c7bd4a264ab4490e2b2704c0cd CVE-2015-5985 - RESERVED + REJECTED CVE-2015-5984 - RESERVED + REJECTED CVE-2015-5983 - RESERVED + REJECTED CVE-2015-5982 - RESERVED + REJECTED CVE-2015-5981 - RESERVED + REJECTED CVE-2015-5980 - RESERVED + REJECTED CVE-2015-5979 - RESERVED + REJECTED CVE-2015-5978 - RESERVED + REJECTED CVE-2015-5977 - RESERVED + REJECTED CVE-2015-5976 - RESERVED + REJECTED CVE-2015-5975 - RESERVED + REJECTED CVE-2015-5974 - RESERVED + REJECTED CVE-2015-5973 - RESERVED + REJECTED CVE-2015-5972 - RESERVED + REJECTED CVE-2015-5971 - RESERVED + REJECTED CVE-2015-5970 (The ChangePassword RPC method in Novell ZENworks Configuration ...) NOT-FOR-US: Novell CVE-2015-5969 (The mysql-systemd-helper script in the mysql-community-server package ...) @@ -9182,9 +9182,9 @@ CVE-2015-5969 (The mysql-systemd-helper script in the mysql-community-server pac CVE-2015-5968 (Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot ...) NOT-FOR-US: Novell CVE-2015-5967 - RESERVED + REJECTED CVE-2015-5966 - RESERVED + REJECTED CVE-2015-5965 (The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the ...) NOT-FOR-US: Fortinet FortiOS CVE-2015-6506 (Cross-site scripting (XSS) vulnerability in the cryptography interface ...) @@ -9344,7 +9344,7 @@ CVE-2015-5943 (SecurityAgent in Apple OS X before 10.11.1 does not prevent synth CVE-2015-5942 (FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS ...) NOT-FOR-US: Apple CVE-2015-5941 - RESERVED + REJECTED CVE-2015-5940 (The Accelerate Framework component in Apple iOS before 9.1 and OS X ...) NOT-FOR-US: Apple CVE-2015-5939 (ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS ...) @@ -9410,7 +9410,7 @@ CVE-2015-5910 (IDE Xcode Server in Apple Xcode before 7.0 does not ensure that s CVE-2015-5909 (IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict ...) NOT-FOR-US: Apple CVE-2015-5908 - RESERVED + REJECTED CVE-2015-5907 (WebKit in Apple iOS before 9 allows man-in-the-middle attackers to ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2015-5906 (The HTML form implementation in WebKit in Apple iOS before 9 does not ...) @@ -9454,7 +9454,7 @@ CVE-2015-5888 (The Install Framework Legacy component in Apple OS X before 10.11 CVE-2015-5887 (The TLS Handshake Protocol implementation in Secure Transport in Apple ...) NOT-FOR-US: Apple CVE-2015-5886 - RESERVED + REJECTED CVE-2015-5885 (The CFNetwork Cookies component in Apple iOS before 9 allows remote ...) NOT-FOR-US: Apple CVE-2015-5884 (The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles ...) @@ -9522,7 +9522,7 @@ CVE-2015-5854 (The backup implementation in Time Machine in Apple OS X before 10 CVE-2015-5853 (AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers ...) NOT-FOR-US: Apple CVE-2015-5852 - RESERVED + REJECTED CVE-2015-5851 (The convenience initializer in the Multipeer Connectivity component in ...) NOT-FOR-US: Apple CVE-2015-5850 (AppleKeyStore in Apple iOS before 9 allows physically proximate ...) @@ -9706,7 +9706,7 @@ CVE-2015-5762 CVE-2015-5761 (CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...) NOT-FOR-US: Apple OS X CVE-2015-5760 - RESERVED + REJECTED CVE-2015-5759 (WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2015-5758 (ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...) @@ -10171,11 +10171,11 @@ CVE-2015-5660 (Cross-site request forgery (CSRF) vulnerability in eXtplorer befo CVE-2015-5659 (SQL injection vulnerability in Network Applied Communication ...) NOT-FOR-US: Network Applied Communication Laboratory Pref Shimane CMS CVE-2015-5658 - RESERVED + REJECTED CVE-2015-5657 - RESERVED + REJECTED CVE-2015-5656 - RESERVED + REJECTED CVE-2015-5655 (The Adways Party Track SDK before 1.6.6 for iOS does not verify X.509 ...) NOT-FOR-US: Adways Party Track SDK CVE-2015-5654 (Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 ...) @@ -10259,9 +10259,9 @@ CVE-2015-5617 CVE-2015-5616 RESERVED CVE-2015-5615 - RESERVED + REJECTED CVE-2015-5614 - RESERVED + REJECTED CVE-2015-5613 RESERVED CVE-2015-5612 (Cross-site scripting (XSS) vulnerability in October CMS build 271 and ...) @@ -10342,7 +10342,7 @@ CVE-2015-5587 (Stack-based buffer overflow in Adobe Flash Player before 18.0.0.2 CVE-2015-5586 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...) NOT-FOR-US: Adobe CVE-2015-5585 - RESERVED + REJECTED CVE-2015-5584 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 ...) NOT-FOR-US: Adobe Flash Player CVE-2015-5583 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, ...) @@ -10426,9 +10426,9 @@ CVE-2015-5545 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and befo CVE-2015-5544 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before ...) NOT-FOR-US: Adobe Flash Player CVE-2015-5543 - RESERVED + REJECTED CVE-2015-5542 - RESERVED + REJECTED CVE-2015-5541 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.232 on ...) NOT-FOR-US: Adobe Flash Player CVE-2015-5540 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 ...) @@ -10705,9 +10705,9 @@ CVE-2015-5452 (SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before CVE-2015-5451 (Cross-site request forgery (CSRF) vulnerability in HP Operations ...) NOT-FOR-US: HP Operations Orchestration Central CVE-2015-5450 - RESERVED + REJECTED CVE-2015-5449 - RESERVED + REJECTED CVE-2015-5448 (HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 ...) NOT-FOR-US: HP Asset Manager CVE-2015-5447 (Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system ...) @@ -10727,13 +10727,13 @@ CVE-2015-5441 (Multiple cross-site scripting (XSS) vulnerabilities in HP ArcSigh CVE-2015-5440 (HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before ...) NOT-FOR-US: HP UCMDB CVE-2015-5439 - RESERVED + REJECTED CVE-2015-5438 - RESERVED + REJECTED CVE-2015-5437 - RESERVED + REJECTED CVE-2015-5436 - RESERVED + REJECTED CVE-2015-5435 (Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 ...) NOT-FOR-US: HP CVE-2015-5434 (HPE Networking Products, originally branded as Comware 5, Comware 7, ...) @@ -10755,7 +10755,7 @@ CVE-2015-5427 (HP Matrix Operating Environment before 7.5.0 allows remote attack CVE-2015-5426 (Unspecified vulnerability in HP LoadRunner Controller before 12.50 ...) NOT-FOR-US: HP LoadRunner CVE-2015-5425 - RESERVED + REJECTED CVE-2015-5424 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x ...) NOT-FOR-US: HP KeyView CVE-2015-5423 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x ...) @@ -10775,9 +10775,9 @@ CVE-2015-5417 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.2 CVE-2015-5416 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x ...) NOT-FOR-US: HP KeyView CVE-2015-5415 - RESERVED + REJECTED CVE-2015-5414 - RESERVED + REJECTED CVE-2015-5413 (HP Version Control Repository Manager (VCRM) before 7.5.0 allows ...) NOT-FOR-US: HP Version Control Repository Manager CVE-2015-5412 (Cross-site request forgery (CSRF) vulnerability in HP Version Control ...) @@ -11889,7 +11889,7 @@ CVE-2015-5128 CVE-2015-5127 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 ...) NOT-FOR-US: Adobe Flash Player CVE-2015-5126 - RESERVED + REJECTED CVE-2015-5125 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before ...) NOT-FOR-US: Adobe Flash Player CVE-2015-5124 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...) @@ -11917,7 +11917,7 @@ CVE-2015-5114 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x bef CVE-2015-5113 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2015-5112 - RESERVED + REJECTED CVE-2015-5111 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2015-5110 (Stack-based buffer overflow in Adobe Reader and Acrobat 10.x before ...) @@ -12326,7 +12326,7 @@ CVE-2015-4920 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local u CVE-2015-4919 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...) NOT-FOR-US: Oracle CVE-2015-4918 - RESERVED + REJECTED CVE-2015-4917 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...) NOT-FOR-US: Oracle CVE-2015-4916 (Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 ...) @@ -12385,7 +12385,7 @@ CVE-2015-4899 (Unspecified vulnerability in the Oracle GlassFish Server componen CVE-2015-4898 (Unspecified vulnerability in the Oracle Applications Framework ...) NOT-FOR-US: Oracle CVE-2015-4897 - RESERVED + REJECTED CVE-2015-4896 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...) {DSA-3384-1} - virtualbox 5.0.8-dfsg-1 @@ -12413,7 +12413,7 @@ CVE-2015-4890 (Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earli - mysql-5.5 <not-affected> (Only affects MySQL 5.6) NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html CVE-2015-4889 - RESERVED + REJECTED CVE-2015-4888 (Unspecified vulnerability in the Java VM component in Oracle Database ...) NOT-FOR-US: Oracle CVE-2015-4887 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...) @@ -12528,11 +12528,11 @@ CVE-2015-4856 (Unspecified vulnerability in the Oracle VM VirtualBox component i - virtualbox-ose <removed> [squeeze] - virtualbox-ose <end-of-life> (No longer supported in Squeeze LTS) CVE-2015-4855 - RESERVED + REJECTED CVE-2015-4854 (Unspecified vulnerability in the Oracle Application Object Library ...) NOT-FOR-US: Oracle CVE-2015-4853 - RESERVED + REJECTED CVE-2015-4852 (The WLS Security component in Oracle WebLogic Server 10.3.6.0, ...) NOT-FOR-US: Oracle CVE-2015-4851 (Unspecified vulnerability in the Oracle iSupplier Portal component in ...) @@ -12658,7 +12658,7 @@ CVE-2015-4815 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earli - mariadb-10.0 10.0.22-1 (bug #802874) NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html CVE-2015-4814 - RESERVED + REJECTED CVE-2015-4813 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...) {DSA-3384-1} - virtualbox 5.0.8-dfsg-1 @@ -12952,7 +12952,7 @@ CVE-2015-4722 CVE-2015-4721 RESERVED CVE-2015-4720 - RESERVED + REJECTED CVE-2015-4719 RESERVED CVE-2015-4718 (The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x ...) @@ -13775,23 +13775,23 @@ CVE-2015-4444 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0 CVE-2015-4443 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2015-4442 - RESERVED + REJECTED CVE-2015-4441 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2015-4440 - RESERVED + REJECTED CVE-2015-4439 - RESERVED + REJECTED CVE-2015-4438 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2015-4437 - RESERVED + REJECTED CVE-2015-4436 - RESERVED + REJECTED CVE-2015-4435 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2015-4434 - RESERVED + REJECTED CVE-2015-4433 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...) NOT-FOR-US: Adobe Flash Player CVE-2015-4432 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and ...) @@ -14050,7 +14050,7 @@ CVE-2015-4302 (The web interface in Cisco FireSIGHT Management Center 5.3.1.4 al CVE-2015-4301 (Cisco NX-OS on Nexus 9000 devices 11.1(1c) allows remote authenticated ...) NOT-FOR-US: Cisco CVE-2015-4300 - RESERVED + REJECTED CVE-2015-4299 (Cisco Unified Web and E-Mail Interaction Manager 9.0(2) improperly ...) NOT-FOR-US: Cisco CVE-2015-4298 (Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) ...) @@ -14128,7 +14128,7 @@ CVE-2015-4263 (The Control and Provisioning functionality in Cisco Mobility Serv CVE-2015-4262 (The password-change feature in Cisco Unified MeetingPlace Web ...) NOT-FOR-US: Cisco Unified MeetingPlace CVE-2015-4261 - RESERVED + REJECTED CVE-2015-4260 (Cross-site scripting (XSS) vulnerability in Cisco Hosted Collaboration ...) NOT-FOR-US: Cisco CVE-2015-4259 (The Integrated Management Controller on Cisco Unified Computing System ...) @@ -14148,13 +14148,13 @@ CVE-2015-4253 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePres CVE-2015-4252 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ...) NOT-FOR-US: Cisco CVE-2015-4251 - RESERVED + REJECTED CVE-2015-4250 - RESERVED + REJECTED CVE-2015-4249 REJECTED CVE-2015-4248 - RESERVED + REJECTED CVE-2015-4247 REJECTED CVE-2015-4246 @@ -14674,7 +14674,7 @@ CVE-2015-4060 (Heap-based buffer overflow in the TermProxy (WLTermProxyService.e CVE-2015-4059 (Heap-based buffer overflow in the License Server (LicenseServer.exe) ...) NOT-FOR-US: Wavelink Terminal Emulation CVE-2015-4058 - RESERVED + REJECTED CVE-2015-4057 (The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations ...) NOT-FOR-US: VCE Vision Intelligent Operations CVE-2015-4056 (The System Library in VCE Vision Intelligent Operations before 2.6.5 ...) @@ -15101,7 +15101,7 @@ CVE-2015-3921 (Cross-site scripting (XSS) vulnerability in contact.php in Copper CVE-2015-3920 RESERVED CVE-2015-3919 - RESERVED + REJECTED CVE-2015-3918 RESERVED CVE-2015-3917 @@ -15683,7 +15683,7 @@ CVE-2015-3672 (Admin Framework in Apple OS X before 10.10.4 does not properly ha CVE-2015-3671 (Admin Framework in Apple OS X before 10.10.4 does not properly verify ...) NOT-FOR-US: Apple OS X CVE-2015-3670 - RESERVED + REJECTED CVE-2015-3669 (QT Media Foundation in Apple QuickTime before 7.7.7 allows remote ...) NOT-FOR-US: Apple QuickTime CVE-2015-3668 (QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X ...) @@ -17590,7 +17590,7 @@ CVE-2015-3096 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before CVE-2015-3095 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2015-3094 - RESERVED + REJECTED CVE-2015-3093 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...) NOT-FOR-US: Adobe Flash CVE-2015-3092 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...) @@ -17688,7 +17688,7 @@ CVE-2015-3047 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0 CVE-2015-3046 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) NOT-FOR-US: Adobe CVE-2015-3045 - RESERVED + REJECTED CVE-2015-3044 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...) NOT-FOR-US: Adobe Flash CVE-2015-3043 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...) @@ -18895,7 +18895,7 @@ CVE-2015-2673 CVE-2015-2671 RESERVED CVE-2015-2670 - RESERVED + REJECTED CVE-2015-2669 RESERVED CVE-2015-2668 (ClamAV before 0.98.7 allows remote attackers to cause a denial of ...) @@ -19203,7 +19203,7 @@ CVE-2015-2571 (Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earli CVE-2015-2570 (Unspecified vulnerability in the Oracle Demand Planning component in ...) NOT-FOR-US: Oracle CVE-2015-2569 - RESERVED + REJECTED CVE-2015-2568 (Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, ...) {DSA-3311-1 DSA-3229-1 DLA-359-1} - mysql-5.5 5.5.42-1 @@ -19245,7 +19245,7 @@ CVE-2015-2553 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP CVE-2015-2552 (The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 ...) NOT-FOR-US: Microsoft Windows CVE-2015-2551 - RESERVED + REJECTED CVE-2015-2550 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2015-2549 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...) @@ -19253,7 +19253,7 @@ CVE-2015-2549 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP CVE-2015-2548 (Use-after-free vulnerability in the Tablet Input Band in Windows Shell ...) NOT-FOR-US: Microsoft Windows CVE-2015-2547 - RESERVED + REJECTED CVE-2015-2546 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...) NOT-FOR-US: Microsoft Windows CVE-2015-2545 (Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows ...) @@ -19267,13 +19267,13 @@ CVE-2015-2542 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow re CVE-2015-2541 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-2540 - RESERVED + REJECTED CVE-2015-2539 - RESERVED + REJECTED CVE-2015-2538 - RESERVED + REJECTED CVE-2015-2537 - RESERVED + REJECTED CVE-2015-2536 (Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 ...) NOT-FOR-US: Microsoft Lync CVE-2015-2535 (Active Directory in Microsoft Windows Server 2008 SP2 and R2 SP1 and ...) @@ -19281,7 +19281,7 @@ CVE-2015-2535 (Active Directory in Microsoft Windows Server 2008 SP2 and R2 SP1 CVE-2015-2534 (Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows ...) NOT-FOR-US: Microsoft Windows CVE-2015-2533 - RESERVED + REJECTED CVE-2015-2532 (Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 ...) NOT-FOR-US: Microsoft Lync CVE-2015-2531 (Cross-site scripting (XSS) vulnerability in the jQuery engine in ...) @@ -19353,11 +19353,11 @@ CVE-2015-2499 (Microsoft Internet Explorer 7 through 11 allows remote attackers CVE-2015-2498 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-2497 - RESERVED + REJECTED CVE-2015-2496 - RESERVED + REJECTED CVE-2015-2495 - RESERVED + REJECTED CVE-2015-2494 (Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-2493 (The (1) VBScript and (2) JScript engines in Microsoft Internet ...) @@ -19371,7 +19371,7 @@ CVE-2015-2490 (Microsoft Internet Explorer 7 through 11 allows remote attackers CVE-2015-2489 (Microsoft Internet Explorer 11 allows remote attackers to gain ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-2488 - RESERVED + REJECTED CVE-2015-2487 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-2486 (Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow ...) @@ -19433,7 +19433,7 @@ CVE-2015-2459 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft CVE-2015-2458 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft ...) NOT-FOR-US: Microsoft Windows CVE-2015-2457 - RESERVED + REJECTED CVE-2015-2456 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...) NOT-FOR-US: Microsoft Windows CVE-2015-2455 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...) @@ -19469,13 +19469,13 @@ CVE-2015-2441 (Microsoft Internet Explorer 7 through 11 and Edge allow remote .. CVE-2015-2440 (Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers ...) NOT-FOR-US: Mirosoft XML Core Services CVE-2015-2439 - RESERVED + REJECTED CVE-2015-2438 - RESERVED + REJECTED CVE-2015-2437 - RESERVED + REJECTED CVE-2015-2436 - RESERVED + REJECTED CVE-2015-2435 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...) NOT-FOR-US: Microsoft Windows CVE-2015-2434 (Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes ...) @@ -19529,15 +19529,15 @@ CVE-2015-2411 (Microsoft Internet Explorer 10 and 11 allows remote attackers to CVE-2015-2410 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-2409 - RESERVED + REJECTED CVE-2015-2408 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-2407 - RESERVED + REJECTED CVE-2015-2406 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-2405 - RESERVED + REJECTED CVE-2015-2404 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-2403 (Microsoft Internet Explorer 8 allows remote attackers to execute ...) @@ -19547,23 +19547,23 @@ CVE-2015-2402 (Microsoft Internet Explorer 7 through 11 allows remote attackers CVE-2015-2401 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-2400 - RESERVED + REJECTED CVE-2015-2399 - RESERVED + REJECTED CVE-2015-2398 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-2397 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-2396 - RESERVED + REJECTED CVE-2015-2395 - RESERVED + REJECTED CVE-2015-2394 - RESERVED + REJECTED CVE-2015-2393 - RESERVED + REJECTED CVE-2015-2392 - RESERVED + REJECTED CVE-2015-2391 (Microsoft Internet Explorer 9 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-2390 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) @@ -19575,7 +19575,7 @@ CVE-2015-2388 (Microsoft Internet Explorer 8 and 9 allows remote attackers to ex CVE-2015-2387 (ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows ...) NOT-FOR-US: Microsoft Windows CVE-2015-2386 - RESERVED + REJECTED CVE-2015-2385 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-2384 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) @@ -19701,11 +19701,11 @@ CVE-2015-2347 (Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst be CVE-2015-2346 (XML external entity (XXE) vulnerability in Huawei SEQ Analyst before ...) NOT-FOR-US: Huawei CVE-2015-2345 - RESERVED + REJECTED CVE-2015-2344 (Cross-site scripting (XSS) vulnerability in VMware vRealize Automation ...) NOT-FOR-US: VMware vRealize Automation CVE-2015-2343 - RESERVED + REJECTED CVE-2015-2342 (The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 ...) NOT-FOR-US: VMware CVE-2015-2341 (VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, ...) @@ -20295,7 +20295,7 @@ CVE-2015-2180 (The DBMail driver in the Password plugin in Roundcube before 1.1. CVE-2015-2179 RESERVED CVE-2015-2178 - RESERVED + REJECTED CVE-2015-2177 (Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a ...) NOT-FOR-US: Siemens CVE-2015-2176 @@ -20405,7 +20405,7 @@ CVE-2015-2140 (HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matr CVE-2015-2139 (HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix ...) NOT-FOR-US: HP Systems Insight Manager CVE-2015-2138 - RESERVED + REJECTED CVE-2015-2137 (Unspecified vulnerability in HP Operations Manager i (OMi) 9.22, 9.23, ...) NOT-FOR-US: HP Operations Manager i CVE-2015-2136 (HP ArcSight Logger before 6.0 P2 allows remote authenticated users to ...) @@ -20415,19 +20415,19 @@ CVE-2015-2135 (Unspecified vulnerability in HP Intelligent Provisioning 1.00 thr CVE-2015-2134 (Cross-site request forgery (CSRF) vulnerability in HP System ...) NOT-FOR-US: Hewlett-Packard CVE-2015-2133 - RESERVED + REJECTED CVE-2015-2132 (Unspecified vulnerability in the execve system-call implementation in ...) NOT-FOR-US: HP HP-UX CVE-2015-2131 - RESERVED + REJECTED CVE-2015-2130 - RESERVED + REJECTED CVE-2015-2129 - RESERVED + REJECTED CVE-2015-2128 - RESERVED + REJECTED CVE-2015-2127 - RESERVED + REJECTED CVE-2015-2126 (Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows ...) NOT-FOR-US: HP-UX (pppoec) CVE-2015-2125 (Unspecified vulnerability in HP WebInspect 7.x through 10.4 before ...) @@ -20443,7 +20443,7 @@ CVE-2015-2121 (HP Network Virtualization for LoadRunner and Performance Center 8 CVE-2015-2120 (Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x ...) NOT-FOR-US: HP SiteScope CVE-2015-2119 - RESERVED + REJECTED CVE-2015-2118 (Unspecified vulnerability in the Secure Pull Print and Security Pull ...) NOT-FOR-US: HP Access Control Software CVE-2015-2117 (HP TippingPoint Security Management System (SMS) and TippingPoint ...) @@ -21466,13 +21466,13 @@ CVE-2015-1751 (Microsoft Internet Explorer 10 allows remote attackers to execute CVE-2015-1750 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-1749 - RESERVED + REJECTED CVE-2015-1748 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-1747 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-1746 - RESERVED + REJECTED CVE-2015-1745 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-1744 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) @@ -21496,7 +21496,7 @@ CVE-2015-1736 (Microsoft Internet Explorer 10 and 11 allows remote attackers to CVE-2015-1735 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-1734 - RESERVED + REJECTED CVE-2015-1733 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-1732 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) @@ -21550,7 +21550,7 @@ CVE-2015-1709 (Microsoft Internet Explorer 7 through 11 allows remote attackers CVE-2015-1708 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-1707 - RESERVED + REJECTED CVE-2015-1706 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-1705 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) @@ -21578,13 +21578,13 @@ CVE-2015-1695 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, CVE-2015-1694 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-1693 - RESERVED + REJECTED CVE-2015-1692 (Microsoft Internet Explorer 7 through 11 allows user-assisted remote ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-1691 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-1690 - RESERVED + REJECTED CVE-2015-1689 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-1688 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...) @@ -21626,7 +21626,7 @@ CVE-2015-1671 (The Windows DirectWrite library, as used in Microsoft .NET Framew CVE-2015-1670 (The Windows DirectWrite library, as used in Microsoft .NET Framework ...) NOT-FOR-US: Microsoft CVE-2015-1669 - RESERVED + REJECTED CVE-2015-1668 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-1667 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...) @@ -21636,9 +21636,9 @@ CVE-2015-1666 (Microsoft Internet Explorer 6 through 11 allows remote attackers CVE-2015-1665 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-1664 - RESERVED + REJECTED CVE-2015-1663 - RESERVED + REJECTED CVE-2015-1662 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-1661 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) @@ -21652,11 +21652,11 @@ CVE-2015-1658 (Microsoft Internet Explorer 11 allows remote attackers to execute CVE-2015-1657 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-1656 - RESERVED + REJECTED CVE-2015-1655 - RESERVED + REJECTED CVE-2015-1654 - RESERVED + REJECTED CVE-2015-1653 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...) NOT-FOR-US: Microsoft CVE-2015-1652 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) @@ -23615,9 +23615,9 @@ CVE-2015-1048 (Open redirect vulnerability in the integrated web server on Sieme CVE-2015-1047 (vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 ...) NOT-FOR-US: VMware vCenter CVE-2015-1046 - RESERVED + REJECTED CVE-2015-1045 - RESERVED + REJECTED CVE-2015-1044 (vmware-authd (aka the Authorization process) in VMware Workstation ...) NOT-FOR-US: VMware CVE-2015-1043 (The Host Guest File System (HGFS) in VMware Workstation 10.x before ...) @@ -23701,7 +23701,7 @@ CVE-2015-1006 CVE-2015-1005 (IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE ...) NOT-FOR-US: IniNet CVE-2015-1004 - RESERVED + REJECTED CVE-2015-1003 (Directory traversal vulnerability in IniNet embeddedWebServer (aka ...) NOT-FOR-US: IniNet CVE-2015-1002 (IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL ...) @@ -24049,7 +24049,7 @@ CVE-2015-0874 CVE-2015-0873 (Cross-site scripting (XSS) vulnerability in Homepage Decorator ...) NOT-FOR-US: PerlTreeBBS CVE-2015-0872 - RESERVED + REJECTED CVE-2015-0871 (Cross-site scripting (XSS) vulnerability in Mrs. Shiromuku Perl CGI ...) NOT-FOR-US: Mrs. Shiromuku Perl CGI shiromuku(u1)GUESTBOOK CVE-2015-0870 (Cross-site scripting (XSS) vulnerability in hb.cgi in Nishishi Factory ...) @@ -24382,17 +24382,17 @@ CVE-2015-0794 (modules.d/90crypt/module-setup.sh in the dracut package before .. NOTE: This seem to be a SuSE specific issue. src:dracut does not contain unsafe NOTE: handling of a /tmp/dracut_block_uuid.map file in any checked version. CVE-2015-0793 - RESERVED + REJECTED CVE-2015-0792 - RESERVED + REJECTED CVE-2015-0791 - RESERVED + REJECTED CVE-2015-0790 - RESERVED + REJECTED CVE-2015-0789 - RESERVED + REJECTED CVE-2015-0788 - RESERVED + REJECTED CVE-2015-0787 (XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote ...) NOT-FOR-US: NetIQ Designer for Identity Manager CVE-2015-0786 @@ -24993,7 +24993,7 @@ CVE-2015-0541 (Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Th CVE-2015-0540 (SQL injection vulnerability in the xAdmin interface in EMC Document ...) NOT-FOR-US: EMC Document Sciences xPression CVE-2015-0539 - RESERVED + REJECTED CVE-2015-0538 (ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 ...) NOT-FOR-US: EMC AutoStart CVE-2015-0537 (Integer underflow in the base64-decoding implementation in EMC RSA ...) @@ -25031,7 +25031,7 @@ CVE-2015-0522 (Cross-site scripting (XSS) vulnerability in EMC RSA Certificate . CVE-2015-0521 (Cross-site scripting (XSS) vulnerability in EMC RSA Certificate ...) NOT-FOR-US: RSA CVE-2015-0520 - RESERVED + REJECTED CVE-2015-0519 (The InputAccel Database (IADB) installation process in EMC Captiva ...) NOT-FOR-US: EMC Captiva Capture CVE-2015-0518 (The Properties service in the D2FS web-service component in EMC ...) @@ -25147,7 +25147,7 @@ CVE-2015-0483 (Unspecified vulnerability in the Core RDBMS component in Oracle . CVE-2015-0482 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) NOT-FOR-US: Oracle CVE-2015-0481 - RESERVED + REJECTED CVE-2015-0480 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and ...) {DSA-3316-1 DSA-3235-1 DSA-3234-1 DLA-213-1} - openjdk-8 8u45-b14-1 @@ -25225,7 +25225,7 @@ CVE-2015-0456 (Unspecified vulnerability in the Oracle WebCenter Portal componen CVE-2015-0455 (Unspecified vulnerability in the XDB - XML Database component in ...) NOT-FOR-US: Oracle CVE-2015-0454 - RESERVED + REJECTED CVE-2015-0453 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: Oracle CVE-2015-0452 (Unspecified vulnerability in the Oracle VM Server for SPARC component ...) @@ -25249,7 +25249,7 @@ CVE-2015-0444 (Unspecified vulnerability in the Oracle Data Integrator component CVE-2015-0443 (Unspecified vulnerability in the Oracle Data Integrator component in ...) NOT-FOR-US: Oracle Fusion CVE-2015-0442 - RESERVED + REJECTED CVE-2015-0441 (Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, ...) {DSA-3311-1 DSA-3229-1} - mysql-5.5 5.5.42-1 @@ -26226,9 +26226,9 @@ CVE-2015-0085 (Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel CVE-2015-0084 (The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...) NOT-FOR-US: Microsoft CVE-2015-0083 - RESERVED + REJECTED CVE-2015-0082 - RESERVED + REJECTED CVE-2015-0081 (Windows Text Services (WTS) in Microsoft Windows Server 2003 SP2, ...) NOT-FOR-US: Microsoft CVE-2015-0080 (Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server ...) @@ -26298,7 +26298,7 @@ CVE-2015-0049 (Microsoft Internet Explorer 8 and 10 allows remote attackers to . CVE-2015-0048 (Microsoft Internet Explorer 9 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-0047 - RESERVED + REJECTED CVE-2015-0046 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-0045 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...) @@ -26324,9 +26324,9 @@ CVE-2015-0036 (Microsoft Internet Explorer 6 through 11 allows remote attackers CVE-2015-0035 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-0034 - RESERVED + REJECTED CVE-2015-0033 - RESERVED + REJECTED CVE-2015-0032 (vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with ...) NOT-FOR-US: Microsoft CVE-2015-0031 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) @@ -26344,7 +26344,7 @@ CVE-2015-0026 (Microsoft Internet Explorer 6 through 11 allows remote attackers CVE-2015-0025 (Microsoft Internet Explorer 10 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-0024 - RESERVED + REJECTED CVE-2015-0023 (Microsoft Internet Explorer 10 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-0022 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) @@ -26366,7 +26366,7 @@ CVE-2015-0015 (Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, an CVE-2015-0014 (Buffer overflow in the Telnet service in Microsoft Windows Server 2003 ...) NOT-FOR-US: Microsoft Windows CVE-2015-0013 - RESERVED + REJECTED CVE-2015-0012 (Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update ...) NOT-FOR-US: Microsoft CVE-2015-0011 (mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in ...) @@ -26378,7 +26378,7 @@ CVE-2015-0009 (The Group Policy Security Configuration policy implementation in CVE-2015-0008 (The UNC implementation in Microsoft Windows Server 2003 SP2, Windows ...) NOT-FOR-US: Microsoft CVE-2015-0007 - RESERVED + REJECTED CVE-2015-0006 (The Network Location Awareness (NLA) service in Microsoft Windows ...) NOT-FOR-US: Microsoft Windows CVE-2015-0005 (The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows ...) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 03502989ac..36fa1ea2c1 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -5,8 +5,8 @@ CVE-2016-10371 (The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrit NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2535 NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2612 NOTE: Fixed by: https://github.com/vadz/libtiff/commit/0abd094b6e5079c4d8be733829240491cb230f3d -CVE-2016-10370 - RESERVED +CVE-2016-10370 (An issue was discovered on OnePlus devices such as the 3T. The OnePlus ...) + TODO: check CVE-2016-10369 (unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a ...) {DLA-935-1} - lxterminal 0.3.0-2 (low; bug #862098) @@ -1170,25 +1170,25 @@ CVE-2016-5103 CVE-2016-10027 (Race condition in the XMPP library in Smack before 4.1.9, when the ...) - libsmack-java <itp> (bug #640873) CVE-2016-10023 - RESERVED + REJECTED CVE-2016-10022 - RESERVED + REJECTED CVE-2016-10021 - RESERVED + REJECTED CVE-2016-10020 - RESERVED + REJECTED CVE-2016-10019 - RESERVED + REJECTED CVE-2016-10018 - RESERVED + REJECTED CVE-2016-10017 - RESERVED + REJECTED CVE-2016-10016 - RESERVED + REJECTED CVE-2016-10015 - RESERVED + REJECTED CVE-2016-10014 - RESERVED + REJECTED CVE-2016-9645 [incomplete fix for CVE-2016-10026] RESERVED - ikiwiki 3.20161229 @@ -1234,9 +1234,9 @@ CVE-2016-10029 (The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) CVE-2016-9999 RESERVED CVE-2016-9996 - RESERVED + REJECTED CVE-2016-9995 - RESERVED + REJECTED CVE-2016-9994 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL ...) NOT-FOR-US: IBM CVE-2016-9993 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL ...) @@ -1601,7 +1601,7 @@ CVE-2016-9917 (In BlueZ 5.42, a buffer overflow was observed in "read_n&quo [wheezy] - bluez <no-dsa> (Minor issue) NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html CVE-2016-9906 - RESERVED + REJECTED CVE-2016-9905 RESERVED {DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1} @@ -1713,13 +1713,13 @@ CVE-2016-9886 CVE-2016-9885 (An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior ...) NOT-FOR-US: Pivotal GemFire for PCF CVE-2016-9884 - RESERVED + REJECTED CVE-2016-9883 - RESERVED + REJECTED CVE-2016-9882 (An issue was discovered in Cloud Foundry Foundation cf-release versions ...) NOT-FOR-US: Cloud Foundry Foundation cf-release CVE-2016-9881 - RESERVED + REJECTED CVE-2016-9880 RESERVED CVE-2016-9879 (An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x ...) @@ -1886,65 +1886,65 @@ CVE-2016-9796 (Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different O CVE-2016-9795 (The casrvc program in CA Common Services, as used in CA Client ...) NOT-FOR-US: CA Common Services CVE-2016-9792 - RESERVED + REJECTED CVE-2016-9791 - RESERVED + REJECTED CVE-2016-9790 - RESERVED + REJECTED CVE-2016-9789 - RESERVED + REJECTED CVE-2016-9788 - RESERVED + REJECTED CVE-2016-9787 - RESERVED + REJECTED CVE-2016-9786 - RESERVED + REJECTED CVE-2016-9785 - RESERVED + REJECTED CVE-2016-9784 - RESERVED + REJECTED CVE-2016-9783 - RESERVED + REJECTED CVE-2016-9782 - RESERVED + REJECTED CVE-2016-9781 - RESERVED + REJECTED CVE-2016-9780 - RESERVED + REJECTED CVE-2016-9779 - RESERVED + REJECTED CVE-2016-9778 [An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c] RESERVED - bind9 <not-affected> (Only Supported Preview Edition/Subscription Edition and 9.11.x) NOTE: https://kb.isc.org/article/AA-01442/0 CVE-2016-9771 - RESERVED + REJECTED CVE-2016-9770 - RESERVED + REJECTED CVE-2016-9769 - RESERVED + REJECTED CVE-2016-9768 - RESERVED + REJECTED CVE-2016-9767 - RESERVED + REJECTED CVE-2016-9766 - RESERVED + REJECTED CVE-2016-9765 - RESERVED + REJECTED CVE-2016-9764 - RESERVED + REJECTED CVE-2016-9763 - RESERVED + REJECTED CVE-2016-9762 - RESERVED + REJECTED CVE-2016-9761 - RESERVED + REJECTED CVE-2016-9760 - RESERVED + REJECTED CVE-2016-9759 - RESERVED + REJECTED CVE-2016-9758 - RESERVED + REJECTED CVE-2016-9757 (In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user ...) NOT-FOR-US: Rapid7 Nexpose CVE-2016-9846 (QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator ...) @@ -2242,13 +2242,13 @@ CVE-2016-9692 (IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable CVE-2016-9691 (IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a ...) NOT-FOR-US: IBM CVE-2016-9690 - RESERVED + REJECTED CVE-2016-9689 - RESERVED + REJECTED CVE-2016-9688 - RESERVED + REJECTED CVE-2016-9687 - RESERVED + REJECTED CVE-2016-9686 (The Puppet Communications Protocol (PCP) Broker incorrectly validates ...) - puppet <not-affected> (Only affects Puppet Enterprise) CVE-2016-9804 (In BlueZ 5.42, a buffer overflow was observed in "commands_dump" ...) @@ -2374,49 +2374,49 @@ CVE-2016-9677 (Citrix Provisioning Services before 7.12 allows attackers to obta CVE-2016-9676 (Buffer overflow in Citrix Provisioning Services before 7.12 allows ...) NOT-FOR-US: Citrix CVE-2016-9674 - RESERVED + REJECTED CVE-2016-9673 - RESERVED + REJECTED CVE-2016-9672 - RESERVED + REJECTED CVE-2016-9671 - RESERVED + REJECTED CVE-2016-9670 - RESERVED + REJECTED CVE-2016-9669 - RESERVED + REJECTED CVE-2016-9668 - RESERVED + REJECTED CVE-2016-9667 - RESERVED + REJECTED CVE-2016-9666 - RESERVED + REJECTED CVE-2016-9665 - RESERVED + REJECTED CVE-2016-9664 - RESERVED + REJECTED CVE-2016-9663 - RESERVED + REJECTED CVE-2016-9662 - RESERVED + REJECTED CVE-2016-9661 - RESERVED + REJECTED CVE-2016-9660 - RESERVED + REJECTED CVE-2016-9659 - RESERVED + REJECTED CVE-2016-9658 - RESERVED + REJECTED CVE-2016-9657 - RESERVED + REJECTED CVE-2016-9656 - RESERVED + REJECTED CVE-2016-9655 - RESERVED + REJECTED CVE-2016-9654 - RESERVED + REJECTED CVE-2016-9653 - RESERVED + REJECTED CVE-2016-9652 RESERVED {DSA-3731-1} @@ -2477,33 +2477,33 @@ CVE-2016-9637 (The (1) ioport_read and (2) ioport_write functions in Xen, when q NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://xenbits.xen.org/xsa/advisory-199.html CVE-2016-9620 - RESERVED + REJECTED CVE-2016-9619 - RESERVED + REJECTED CVE-2016-9618 - RESERVED + REJECTED CVE-2016-9617 - RESERVED + REJECTED CVE-2016-9616 - RESERVED + REJECTED CVE-2016-9615 - RESERVED + REJECTED CVE-2016-9614 - RESERVED + REJECTED CVE-2016-9613 - RESERVED + REJECTED CVE-2016-9612 - RESERVED + REJECTED CVE-2016-9611 - RESERVED + REJECTED CVE-2016-9610 - RESERVED + REJECTED CVE-2016-9609 - RESERVED + REJECTED CVE-2016-9608 - RESERVED + REJECTED CVE-2016-9607 - RESERVED + REJECTED CVE-2016-9606 RESERVED - resteasy <unfixed> (bug #851430) @@ -2632,7 +2632,7 @@ CVE-2016-9583 [Out of bounds heap read in jpc_pi_nextpcrl()] NOTE: This can be done when more important issues are found [wheezy]. NOTE: Not suitable for code injection, hardly denial of service CVE-2016-9582 - RESERVED + REJECTED CVE-2016-9581 [infinite loop in tiftoimage resulting into heap buffer overflow in convert_32s_C1P1] RESERVED - openjpeg2 <unfixed> (unimportant) @@ -2771,67 +2771,67 @@ CVE-2016-9542 CVE-2016-9541 RESERVED CVE-2016-9531 - RESERVED + REJECTED CVE-2016-9530 - RESERVED + REJECTED CVE-2016-9529 - RESERVED + REJECTED CVE-2016-9528 - RESERVED + REJECTED CVE-2016-9527 - RESERVED + REJECTED CVE-2016-9526 - RESERVED + REJECTED CVE-2016-9525 - RESERVED + REJECTED CVE-2016-9524 - RESERVED + REJECTED CVE-2016-9523 - RESERVED + REJECTED CVE-2016-9522 - RESERVED + REJECTED CVE-2016-9521 - RESERVED + REJECTED CVE-2016-9520 - RESERVED + REJECTED CVE-2016-9519 - RESERVED + REJECTED CVE-2016-9518 - RESERVED + REJECTED CVE-2016-9517 - RESERVED + REJECTED CVE-2016-9516 - RESERVED + REJECTED CVE-2016-9515 - RESERVED + REJECTED CVE-2016-9514 - RESERVED + REJECTED CVE-2016-9513 - RESERVED + REJECTED CVE-2016-9512 - RESERVED + REJECTED CVE-2016-9511 - RESERVED + REJECTED CVE-2016-9510 - RESERVED + REJECTED CVE-2016-9509 - RESERVED + REJECTED CVE-2016-9508 - RESERVED + REJECTED CVE-2016-9507 - RESERVED + REJECTED CVE-2016-9506 - RESERVED + REJECTED CVE-2016-9505 - RESERVED + REJECTED CVE-2016-9504 - RESERVED + REJECTED CVE-2016-9503 - RESERVED + REJECTED CVE-2016-9502 - RESERVED + REJECTED CVE-2016-9501 - RESERVED + REJECTED CVE-2016-9500 RESERVED CVE-2016-9499 @@ -3138,15 +3138,15 @@ CVE-2016-9480 (libdwarf 2016-10-21 allows context-dependent attackers to obtain CVE-2016-9479 (The "lost password" functionality in b2evolution before 6.7.9 allows ...) - b2evolution <removed> CVE-2016-9478 - RESERVED + REJECTED CVE-2016-9477 - RESERVED + REJECTED CVE-2016-9476 - RESERVED + REJECTED CVE-2016-9475 - RESERVED + REJECTED CVE-2016-9474 - RESERVED + REJECTED CVE-2016-9473 (Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and ...) NOT-FOR-US: Brave Browser CVE-2016-9472 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The ...) @@ -3180,7 +3180,7 @@ CVE-2016-9460 (Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 CVE-2016-9459 (Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are ...) - nextcloud <itp> (bug #835086) CVE-2016-9458 - RESERVED + REJECTED CVE-2016-9457 (Revive Adserver before 3.2.3 suffers from Reflected XSS. ...) NOT-FOR-US: Revive Adserver CVE-2016-9456 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ...) @@ -3414,7 +3414,7 @@ CVE-2016-9377 (Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, CVE-2016-9371 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, ...) NOT-FOR-US: Moxa CVE-2016-9370 - RESERVED + REJECTED CVE-2016-9369 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, ...) NOT-FOR-US: Moxa CVE-2016-9368 (An issue was discovered in Eaton xComfort Ethernet Communication ...) @@ -3436,7 +3436,7 @@ CVE-2016-9361 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, CVE-2016-9360 (An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX ...) NOT-FOR-US: General Electric CVE-2016-9359 - RESERVED + REJECTED CVE-2016-9358 RESERVED CVE-2016-9357 (An issue was discovered in certain legacy Eaton ePDUs -- the affected ...) @@ -3450,11 +3450,11 @@ CVE-2016-9354 (An issue was discovered in Moxa DACenter Versions 1.4 and older. CVE-2016-9353 (An issue was discovered in Advantech SUISAccess Server Version 3.0 and ...) NOT-FOR-US: Advantech SUISAccess Server CVE-2016-9352 - RESERVED + REJECTED CVE-2016-9351 (An issue was discovered in Advantech SUISAccess Server Version 3.0 and ...) NOT-FOR-US: Advantech SUISAccess Server CVE-2016-9350 - RESERVED + REJECTED CVE-2016-9349 (An issue was discovered in Advantech SUISAccess Server Version 3.0 and ...) NOT-FOR-US: Advantech SUISAccess Server CVE-2016-9348 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, ...) @@ -3470,11 +3470,11 @@ CVE-2016-9344 (An issue was discovered in Moxa MiiNePort E1 versions prior to 1. CVE-2016-9343 (An issue was discovered in Rockwell Automation Logix5000 Programmable ...) NOT-FOR-US: Rockwell CVE-2016-9342 - RESERVED + REJECTED CVE-2016-9341 - RESERVED + REJECTED CVE-2016-9340 - RESERVED + REJECTED CVE-2016-9339 (An issue was discovered in INTERSCHALT Maritime Systems VDR G4e ...) NOT-FOR-US: INTERSCHALT Maritime Systems CVE-2016-9338 (An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix ...) @@ -3482,7 +3482,7 @@ CVE-2016-9338 (An issue was discovered in Rockwell Automation Allen-Bradley Micr CVE-2016-9337 (An issue was discovered in Tesla Motors Model S automobile, all ...) NOT-FOR-US: Tesla car CVE-2016-9336 - RESERVED + REJECTED CVE-2016-9335 RESERVED CVE-2016-9334 (An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix ...) @@ -3755,25 +3755,25 @@ CVE-2016-9376 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow diss NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html NOTE: https://www.wireshark.org/security/wnpa-sec-2016-60.html CVE-2016-9331 - RESERVED + REJECTED CVE-2016-9330 - RESERVED + REJECTED CVE-2016-9329 - RESERVED + REJECTED CVE-2016-9328 - RESERVED + REJECTED CVE-2016-9327 - RESERVED + REJECTED CVE-2016-9326 - RESERVED + REJECTED CVE-2016-9325 - RESERVED + REJECTED CVE-2016-9324 - RESERVED + REJECTED CVE-2016-9323 - RESERVED + REJECTED CVE-2016-9322 - RESERVED + REJECTED CVE-2016-9400 (The CClient::ProcessServerPacket method in engine/client/client.cpp in ...) - teeworlds 0.6.4+dfsg-1 (bug #844546) [jessie] - teeworlds <no-dsa> (Minor issue; can be fixed via point release) @@ -4082,37 +4082,37 @@ CVE-2016-9243 (HKDF in cryptography before 1.5.2 returns an empty byte-string if CVE-2016-9242 (Multiple SQL injection vulnerabilities in the update method in ...) NOT-FOR-US: Exponent CMS CVE-2016-9241 - RESERVED + REJECTED CVE-2016-9240 - RESERVED + REJECTED CVE-2016-9239 - RESERVED + REJECTED CVE-2016-9238 - RESERVED + REJECTED CVE-2016-9237 - RESERVED + REJECTED CVE-2016-9236 - RESERVED + REJECTED CVE-2016-9235 - RESERVED + REJECTED CVE-2016-9234 - RESERVED + REJECTED CVE-2016-9233 - RESERVED + REJECTED CVE-2016-9232 - RESERVED + REJECTED CVE-2016-9231 - RESERVED + REJECTED CVE-2016-9230 - RESERVED + REJECTED CVE-2016-9229 - RESERVED + REJECTED CVE-2016-9228 - RESERVED + REJECTED CVE-2016-9227 - RESERVED + REJECTED CVE-2016-9226 - RESERVED + REJECTED CVE-2016-9225 (A vulnerability in the data plane IP fragment handler of the Cisco ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2016-9224 (A vulnerability in the Cisco Jabber Guest Server could allow an ...) @@ -4138,7 +4138,7 @@ CVE-2016-9215 (A vulnerability in Cisco IOS XR Software could allow an authentic CVE-2016-9214 (Cisco Identity Services Engine (ISE) contains a vulnerability that ...) NOT-FOR-US: Cisco CVE-2016-9213 - RESERVED + REJECTED CVE-2016-9212 (A vulnerability in the Decrypt for End-User Notification configuration ...) NOT-FOR-US: Cisco CVE-2016-9211 (A vulnerability in TCP port management in Cisco ONS 15454 Series ...) @@ -4223,17 +4223,17 @@ CVE-2016-9177 (Directory traversal vulnerability in Spark 2.5 allows remote atta CVE-2016-9176 (Stack buffer overflow in the send.exe and receive.exe components of ...) NOT-FOR-US: Micro Focus Rumba CVE-2016-9175 - RESERVED + REJECTED CVE-2016-9174 - RESERVED + REJECTED CVE-2016-9173 - RESERVED + REJECTED CVE-2016-9172 - RESERVED + REJECTED CVE-2016-9171 - RESERVED + REJECTED CVE-2016-9170 - RESERVED + REJECTED CVE-2016-9169 (A reflected XSS vulnerability exists in the web console of the Document ...) NOT-FOR-US: Novell CVE-2016-9168 (A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in ...) @@ -4247,11 +4247,11 @@ CVE-2016-9165 (The get_sessions servlet in CA Unified Infrastructure Management CVE-2016-9164 (Directory traversal vulnerability in diag.jsp file in CA Unified ...) NOT-FOR-US: CA Unified Infrastructure Management CVE-2016-9163 - RESERVED + REJECTED CVE-2016-9162 - RESERVED + REJECTED CVE-2016-9161 - RESERVED + REJECTED CVE-2016-9160 (A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC ...) NOT-FOR-US: Siemens SIMATIC WinCC CVE-2016-9159 (A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs (all versions ...) @@ -4313,15 +4313,15 @@ CVE-2016-9178 (The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in CVE-2016-9146 RESERVED CVE-2016-9145 - RESERVED + REJECTED CVE-2016-9144 - RESERVED + REJECTED CVE-2016-9143 - RESERVED + REJECTED CVE-2016-9142 - RESERVED + REJECTED CVE-2016-9141 - RESERVED + REJECTED CVE-2016-9181 (perl-Image-Info: When parsing an SVG file, external entity expansion ...) - libimage-info-perl 1.39-1 (bug #842891) [jessie] - libimage-info-perl <no-dsa> (Minor issue) @@ -4437,23 +4437,23 @@ CVE-2016-9111 (Incorrect access control mechanisms in Citrix Receiver Desktop Lo CVE-2016-9110 RESERVED CVE-2016-9100 - RESERVED + REJECTED CVE-2016-9099 - RESERVED + REJECTED CVE-2016-9098 - RESERVED + REJECTED CVE-2016-9097 - RESERVED + REJECTED CVE-2016-9096 - RESERVED + REJECTED CVE-2016-9095 - RESERVED + REJECTED CVE-2016-9094 RESERVED CVE-2016-9093 RESERVED CVE-2016-9092 - RESERVED + REJECTED CVE-2016-9091 (Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content ...) NOT-FOR-US: Blue Coat Advanced Secure Gateway CVE-2016-9090 @@ -4621,17 +4621,17 @@ CVE-2016-9061 RESERVED - firefox <not-affected> (Only affects Firefox on Android) CVE-2016-9060 - RESERVED + REJECTED CVE-2016-9059 - RESERVED + REJECTED CVE-2016-9058 - RESERVED + REJECTED CVE-2016-9057 - RESERVED + REJECTED CVE-2016-9056 - RESERVED + REJECTED CVE-2016-9055 - RESERVED + REJECTED CVE-2016-9054 (An exploitable stack-based buffer overflow vulnerability exists in the ...) NOT-FOR-US: Aerospike Database CVE-2016-9053 (An exploitable out-of-bounds indexing vulnerability exists within the ...) @@ -5194,9 +5194,9 @@ CVE-2016-8802 (The security policy processing module in Huawei Secospace USG6300 CVE-2016-8801 (Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions ...) NOT-FOR-US: Huawei CVE-2016-8800 - RESERVED + REJECTED CVE-2016-8799 - RESERVED + REJECTED CVE-2016-8798 (Huawei USG5500 with software V300R001C00 and V300R001C00 allows ...) NOT-FOR-US: Huawei CVE-2016-8797 (Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; ...) @@ -5218,9 +5218,9 @@ CVE-2016-8790 (Huawei CloudEngine 5800 with software before V200R001C00SPC700, . CVE-2016-8789 (Huawei eSpace Integrated Access Device (IAD) with software ...) NOT-FOR-US: Huawei CVE-2016-8788 - RESERVED + REJECTED CVE-2016-8787 - RESERVED + REJECTED CVE-2016-8786 RESERVED CVE-2016-8785 @@ -5238,9 +5238,9 @@ CVE-2016-8780 (Huawei CloudEngine 6800 V100R006C00, CloudEngine 7800 V100R006C00 CVE-2016-8779 (Huawei FusionAccess with software V100R005C10 and V100R005C20 could ...) NOT-FOR-US: Huawei CVE-2016-8778 - RESERVED + REJECTED CVE-2016-8777 - RESERVED + REJECTED CVE-2016-8776 (Huawei P9 phones with software ...) NOT-FOR-US: Huawei CVE-2016-8775 (Touch Panel (TP) driver in Huawei NEM phones with software Versions ...) @@ -5250,11 +5250,11 @@ CVE-2016-8774 (The HIFI driver in Huawei Mate 8 phones with software versions be CVE-2016-8773 (Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, ...) NOT-FOR-US: Huawei CVE-2016-8772 - RESERVED + REJECTED CVE-2016-8771 - RESERVED + REJECTED CVE-2016-8770 - RESERVED + REJECTED CVE-2016-8769 (Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted ...) NOT-FOR-US: Huawei CVE-2016-8768 (Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions ...) @@ -5262,9 +5262,9 @@ CVE-2016-8768 (Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versio CVE-2016-8767 RESERVED CVE-2016-8766 - RESERVED + REJECTED CVE-2016-8765 - RESERVED + REJECTED CVE-2016-8764 (The TrustZone driver in Huawei P9 phones with software Versions ...) NOT-FOR-US: Huawei CVE-2016-8763 (The TrustZone driver in Huawei P9 phones with software Versions earlier ...) @@ -5284,7 +5284,7 @@ CVE-2016-8757 (ION memory management module in Huawei P9 phones with software .. CVE-2016-8756 (ION memory management module in Huawei Mate 8 phones with software ...) NOT-FOR-US: Huawei CVE-2016-8755 - RESERVED + REJECTED CVE-2016-8754 (Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key ...) NOT-FOR-US: Huawei CVE-2016-8753 @@ -5753,13 +5753,13 @@ CVE-2016-8667 (The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick . [wheezy] - qemu-kvm <not-affected> (Code only affects mips platform) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html CVE-2016-8665 - RESERVED + REJECTED CVE-2016-8664 - RESERVED + REJECTED CVE-2016-8663 - RESERVED + REJECTED CVE-2016-8662 - RESERVED + REJECTED CVE-2016-8661 (Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow ...) NOT-FOR-US: Little Snitch CVE-2016-8657 @@ -6228,7 +6228,7 @@ CVE-2016-8525 RESERVED NOT-FOR-US: HPE iMC PLAT CVE-2016-8524 - RESERVED + REJECTED CVE-2016-8523 RESERVED NOT-FOR-US: HP Smart Storage Administrator @@ -6283,9 +6283,9 @@ CVE-2016-8502 (Yandex Protect Anti-phishing warning in Yandex Browser for deskto CVE-2016-8501 (Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 ...) NOT-FOR-US: Yandex Browser CVE-2016-8500 - RESERVED + REJECTED CVE-2016-8499 - RESERVED + REJECTED CVE-2016-8498 RESERVED CVE-2016-8497 @@ -6750,7 +6750,7 @@ CVE-2016-8351 CVE-2016-8350 (An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 ...) NOT-FOR-US: Moxa CVE-2016-8349 - RESERVED + REJECTED CVE-2016-8348 (An XML External Entity (XXE) issue was discovered in Emerson Liebert ...) NOT-FOR-US: Emerson CVE-2016-8347 (An issue was discovered in Kabona AB WebDatorCentral (WDC) application ...) @@ -6758,13 +6758,13 @@ CVE-2016-8347 (An issue was discovered in Kabona AB WebDatorCentral (WDC) applic CVE-2016-8346 (An issue was discovered in Moxa EDR-810 Industrial Secure Router. By ...) NOT-FOR-US: Moxa CVE-2016-8345 - RESERVED + REJECTED CVE-2016-8344 (An issue was discovered in Honeywell Experion Process Knowledge System ...) NOT-FOR-US: Honeywell CVE-2016-8343 (Directory traversal vulnerability in INDAS Web SCADA before 3 allows ...) NOT-FOR-US: INDAS Web SCADA CVE-2016-8342 - RESERVED + REJECTED CVE-2016-8341 (An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The ...) NOT-FOR-US: Ecava CVE-2016-8340 @@ -6823,7 +6823,7 @@ CVE-2016-8323 (Vulnerability in the Oracle FLEXCUBE Core Banking component of Or CVE-2016-8322 (Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle ...) NOT-FOR-US: Oracle FLEXCUBE CVE-2016-8321 - RESERVED + REJECTED CVE-2016-8320 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...) NOT-FOR-US: Oracle FLEXCUBE CVE-2016-8319 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...) @@ -7023,71 +7023,71 @@ CVE-2016-8272 (Huawei PC client software HiSuite 4.0.5.300_OVE has an informatio CVE-2016-8271 (Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an ...) NOT-FOR-US: Huawei CVE-2016-8270 - RESERVED + REJECTED CVE-2016-8269 - RESERVED + REJECTED CVE-2016-8268 - RESERVED + REJECTED CVE-2016-8267 - RESERVED + REJECTED CVE-2016-8266 - RESERVED + REJECTED CVE-2016-8265 - RESERVED + REJECTED CVE-2016-8264 - RESERVED + REJECTED CVE-2016-8263 - RESERVED + REJECTED CVE-2016-8262 - RESERVED + REJECTED CVE-2016-8261 - RESERVED + REJECTED CVE-2016-8260 - RESERVED + REJECTED CVE-2016-8259 - RESERVED + REJECTED CVE-2016-8258 - RESERVED + REJECTED CVE-2016-8257 - RESERVED + REJECTED CVE-2016-8256 - RESERVED + REJECTED CVE-2016-8255 - RESERVED + REJECTED CVE-2016-8254 - RESERVED + REJECTED CVE-2016-8253 - RESERVED + REJECTED CVE-2016-8252 - RESERVED + REJECTED CVE-2016-8251 - RESERVED + REJECTED CVE-2016-8250 - RESERVED + REJECTED CVE-2016-8249 - RESERVED + REJECTED CVE-2016-8248 - RESERVED + REJECTED CVE-2016-8247 - RESERVED + REJECTED CVE-2016-8246 - RESERVED + REJECTED CVE-2016-8245 - RESERVED + REJECTED CVE-2016-8244 - RESERVED + REJECTED CVE-2016-8243 - RESERVED + REJECTED CVE-2016-8242 - RESERVED + REJECTED CVE-2016-8241 - RESERVED + REJECTED CVE-2016-8240 - RESERVED + REJECTED CVE-2016-8239 - RESERVED + REJECTED CVE-2016-8238 - RESERVED + REJECTED CVE-2016-8237 (Remote code execution in Lenovo Updates (not Lenovo System Update) ...) NOT-FOR-US: Lenovo CVE-2016-8236 (Reset to default settings may occur in Lenovo ThinkServer TSM RD350, ...) @@ -7402,105 +7402,105 @@ CVE-2016-8101 (The updater subsystem in Intel SSD Toolbox before 3.3.7 allows lo CVE-2016-8100 (Intel Integrated Performance Primitives (aka IPP) Cryptography before ...) NOT-FOR-US: Intel CVE-2016-8099 - RESERVED + REJECTED CVE-2016-8098 - RESERVED + REJECTED CVE-2016-8097 - RESERVED + REJECTED CVE-2016-8096 - RESERVED + REJECTED CVE-2016-8095 - RESERVED + REJECTED CVE-2016-8094 - RESERVED + REJECTED CVE-2016-8093 - RESERVED + REJECTED CVE-2016-8092 - RESERVED + REJECTED CVE-2016-8091 - RESERVED + REJECTED CVE-2016-8090 - RESERVED + REJECTED CVE-2016-8089 - RESERVED + REJECTED CVE-2016-8088 - RESERVED + REJECTED CVE-2016-8087 - RESERVED + REJECTED CVE-2016-8086 - RESERVED + REJECTED CVE-2016-8085 - RESERVED + REJECTED CVE-2016-8084 - RESERVED + REJECTED CVE-2016-8083 - RESERVED + REJECTED CVE-2016-8082 - RESERVED + REJECTED CVE-2016-8081 - RESERVED + REJECTED CVE-2016-8080 - RESERVED + REJECTED CVE-2016-8079 - RESERVED + REJECTED CVE-2016-8078 - RESERVED + REJECTED CVE-2016-8077 - RESERVED + REJECTED CVE-2016-8076 - RESERVED + REJECTED CVE-2016-8075 - RESERVED + REJECTED CVE-2016-8074 - RESERVED + REJECTED CVE-2016-8073 - RESERVED + REJECTED CVE-2016-8072 - RESERVED + REJECTED CVE-2016-8071 - RESERVED + REJECTED CVE-2016-8070 - RESERVED + REJECTED CVE-2016-8069 - RESERVED + REJECTED CVE-2016-8068 - RESERVED + REJECTED CVE-2016-8067 - RESERVED + REJECTED CVE-2016-8066 - RESERVED + REJECTED CVE-2016-8065 - RESERVED + REJECTED CVE-2016-8064 - RESERVED + REJECTED CVE-2016-8063 - RESERVED + REJECTED CVE-2016-8062 - RESERVED + REJECTED CVE-2016-8061 - RESERVED + REJECTED CVE-2016-8060 - RESERVED + REJECTED CVE-2016-8059 - RESERVED + REJECTED CVE-2016-8058 - RESERVED + REJECTED CVE-2016-8057 - RESERVED + REJECTED CVE-2016-8056 - RESERVED + REJECTED CVE-2016-8055 - RESERVED + REJECTED CVE-2016-8054 - RESERVED + REJECTED CVE-2016-8053 - RESERVED + REJECTED CVE-2016-8052 - RESERVED + REJECTED CVE-2016-8051 - RESERVED + REJECTED CVE-2016-8050 - RESERVED + REJECTED CVE-2016-8049 RESERVED CVE-2016-8048 @@ -7522,19 +7522,19 @@ CVE-2016-8041 CVE-2016-8040 RESERVED CVE-2016-8039 - RESERVED + REJECTED CVE-2016-8038 - RESERVED + REJECTED CVE-2016-8037 - RESERVED + REJECTED CVE-2016-8036 - RESERVED + REJECTED CVE-2016-8035 - RESERVED + REJECTED CVE-2016-8034 - RESERVED + REJECTED CVE-2016-8033 - RESERVED + REJECTED CVE-2016-8032 (Software Integrity Attacks vulnerability in Intel Security Anti-Virus ...) NOT-FOR-US: Intel Security Anti-Virus CVE-2016-8031 (Software Integrity Attacks vulnerability in Intel Security Anti-Virus ...) @@ -8017,21 +8017,21 @@ CVE-2016-7902 (Unrestricted file upload vulnerability in the fileUnzip->unzip CVE-2016-7901 REJECTED CVE-2016-7900 - RESERVED + REJECTED CVE-2016-7899 - RESERVED + REJECTED CVE-2016-7898 - RESERVED + REJECTED CVE-2016-7897 - RESERVED + REJECTED CVE-2016-7896 - RESERVED + REJECTED CVE-2016-7895 - RESERVED + REJECTED CVE-2016-7894 - RESERVED + REJECTED CVE-2016-7893 - RESERVED + REJECTED CVE-2016-7892 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...) NOT-FOR-US: Adobe Flash CVE-2016-7891 (Adobe RoboHelp version 2015.0.3 and earlier, RoboHelp 11 and earlier ...) @@ -8117,15 +8117,15 @@ CVE-2016-7852 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Read CVE-2016-7851 (Adobe Connect version 9.5.6 and earlier does not adequately validate ...) NOT-FOR-US: Adobe CVE-2016-7850 - RESERVED + REJECTED CVE-2016-7849 - RESERVED + REJECTED CVE-2016-7848 - RESERVED + REJECTED CVE-2016-7847 - RESERVED + REJECTED CVE-2016-7846 - RESERVED + REJECTED CVE-2016-7845 RESERVED CVE-2016-7844 @@ -8163,11 +8163,11 @@ CVE-2016-7831 CVE-2016-7830 RESERVED CVE-2016-7829 - RESERVED + REJECTED CVE-2016-7828 - RESERVED + REJECTED CVE-2016-7827 - RESERVED + REJECTED CVE-2016-7826 RESERVED CVE-2016-7825 @@ -8312,221 +8312,221 @@ CVE-2016-7777 (Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, CVE-2016-7776 RESERVED CVE-2016-7775 - RESERVED + REJECTED CVE-2016-7774 - RESERVED + REJECTED CVE-2016-7773 - RESERVED + REJECTED CVE-2016-7772 - RESERVED + REJECTED CVE-2016-7771 - RESERVED + REJECTED CVE-2016-7770 - RESERVED + REJECTED CVE-2016-7769 - RESERVED + REJECTED CVE-2016-7768 - RESERVED + REJECTED CVE-2016-7767 - RESERVED + REJECTED CVE-2016-7766 - RESERVED + REJECTED CVE-2016-7765 (An issue was discovered in certain Apple products. iOS before 10.2 is ...) NOT-FOR-US: Apple CVE-2016-7764 - RESERVED + REJECTED CVE-2016-7763 - RESERVED + REJECTED CVE-2016-7762 (An issue was discovered in certain Apple products. iOS before 10.2 is ...) NOT-FOR-US: Apple CVE-2016-7761 (An issue was discovered in certain Apple products. macOS before ...) NOT-FOR-US: Apple CVE-2016-7760 - RESERVED + REJECTED CVE-2016-7759 (An issue was discovered in certain Apple products. iOS before 10 is ...) NOT-FOR-US: Apple CVE-2016-7758 - RESERVED + REJECTED CVE-2016-7757 - RESERVED + REJECTED CVE-2016-7756 - RESERVED + REJECTED CVE-2016-7755 - RESERVED + REJECTED CVE-2016-7754 - RESERVED + REJECTED CVE-2016-7753 - RESERVED + REJECTED CVE-2016-7752 - RESERVED + REJECTED CVE-2016-7751 - RESERVED + REJECTED CVE-2016-7750 - RESERVED + REJECTED CVE-2016-7749 - RESERVED + REJECTED CVE-2016-7748 - RESERVED + REJECTED CVE-2016-7747 - RESERVED + REJECTED CVE-2016-7746 - RESERVED + REJECTED CVE-2016-7745 - RESERVED + REJECTED CVE-2016-7744 - RESERVED + REJECTED CVE-2016-7743 - RESERVED + REJECTED CVE-2016-7742 (An issue was discovered in certain Apple products. macOS before ...) NOT-FOR-US: Apple CVE-2016-7741 - RESERVED + REJECTED CVE-2016-7740 - RESERVED + REJECTED CVE-2016-7739 - RESERVED + REJECTED CVE-2016-7738 - RESERVED + REJECTED CVE-2016-7737 - RESERVED + REJECTED CVE-2016-7736 - RESERVED + REJECTED CVE-2016-7735 - RESERVED + REJECTED CVE-2016-7734 - RESERVED + REJECTED CVE-2016-7733 - RESERVED + REJECTED CVE-2016-7732 - RESERVED + REJECTED CVE-2016-7731 - RESERVED + REJECTED CVE-2016-7730 - RESERVED + REJECTED CVE-2016-7729 - RESERVED + REJECTED CVE-2016-7728 - RESERVED + REJECTED CVE-2016-7727 - RESERVED + REJECTED CVE-2016-7726 - RESERVED + REJECTED CVE-2016-7725 - RESERVED + REJECTED CVE-2016-7724 - RESERVED + REJECTED CVE-2016-7723 - RESERVED + REJECTED CVE-2016-7722 - RESERVED + REJECTED CVE-2016-7721 - RESERVED + REJECTED CVE-2016-7720 - RESERVED + REJECTED CVE-2016-7719 - RESERVED + REJECTED CVE-2016-7718 - RESERVED + REJECTED CVE-2016-7717 - RESERVED + REJECTED CVE-2016-7716 - RESERVED + REJECTED CVE-2016-7715 - RESERVED + REJECTED CVE-2016-7714 (An issue was discovered in certain Apple products. iOS before 10.2 is ...) NOT-FOR-US: Apple CVE-2016-7713 - RESERVED + REJECTED CVE-2016-7712 - RESERVED + REJECTED CVE-2016-7711 - RESERVED + REJECTED CVE-2016-7710 - RESERVED + REJECTED CVE-2016-7709 - RESERVED + REJECTED CVE-2016-7708 - RESERVED + REJECTED CVE-2016-7707 - RESERVED + REJECTED CVE-2016-7706 - RESERVED + REJECTED CVE-2016-7705 - RESERVED + REJECTED CVE-2016-7704 RESERVED CVE-2016-7703 - RESERVED + REJECTED CVE-2016-7702 - RESERVED + REJECTED CVE-2016-7701 - RESERVED + REJECTED CVE-2016-7700 - RESERVED + REJECTED CVE-2016-7699 - RESERVED + REJECTED CVE-2016-7698 - RESERVED + REJECTED CVE-2016-7697 - RESERVED + REJECTED CVE-2016-7696 - RESERVED + REJECTED CVE-2016-7695 - RESERVED + REJECTED CVE-2016-7694 - RESERVED + REJECTED CVE-2016-7693 - RESERVED + REJECTED CVE-2016-7692 - RESERVED + REJECTED CVE-2016-7691 - RESERVED + REJECTED CVE-2016-7690 - RESERVED + REJECTED CVE-2016-7689 - RESERVED + REJECTED CVE-2016-7688 - RESERVED + REJECTED CVE-2016-7687 - RESERVED + REJECTED CVE-2016-7686 - RESERVED + REJECTED CVE-2016-7685 - RESERVED + REJECTED CVE-2016-7684 - RESERVED + REJECTED CVE-2016-7683 - RESERVED + REJECTED CVE-2016-7682 - RESERVED + REJECTED CVE-2016-7681 - RESERVED + REJECTED CVE-2016-7680 - RESERVED + REJECTED CVE-2016-7679 - RESERVED + REJECTED CVE-2016-7678 - RESERVED + REJECTED CVE-2016-7677 - RESERVED + REJECTED CVE-2016-7676 - RESERVED + REJECTED CVE-2016-7675 - RESERVED + REJECTED CVE-2016-7674 - RESERVED + REJECTED CVE-2016-7673 - RESERVED + REJECTED CVE-2016-7672 - RESERVED + REJECTED CVE-2016-7671 - RESERVED + REJECTED CVE-2016-7670 - RESERVED + REJECTED CVE-2016-7669 - RESERVED + REJECTED CVE-2016-7668 - RESERVED + REJECTED CVE-2016-7667 (An issue was discovered in certain Apple products. iOS before 10.2 is ...) NOT-FOR-US: Apple CVE-2016-7666 (An issue was discovered in certain Apple products. Transporter before ...) @@ -8573,7 +8573,7 @@ CVE-2016-7648 (An issue was discovered in certain Apple products. iOS before 10. - webkit2gtk 2.14.3-1 (unimportant) NOTE: Not covered by security support CVE-2016-7647 - RESERVED + REJECTED CVE-2016-7646 (An issue was discovered in certain Apple products. iOS before 10.2 is ...) - webkit2gtk 2.14.3-1 (unimportant) NOTE: Not covered by security support @@ -8613,7 +8613,7 @@ CVE-2016-7632 (An issue was discovered in certain Apple products. iOS before 10. - webkit2gtk 2.14.3-1 (unimportant) NOTE: Not covered by security support CVE-2016-7631 - RESERVED + REJECTED CVE-2016-7630 (An issue was discovered in certain Apple products. iOS before 10.2 is ...) NOT-FOR-US: Apple CVE-2016-7629 (An issue was discovered in certain Apple products. macOS before ...) @@ -8694,14 +8694,14 @@ CVE-2016-7595 (An issue was discovered in certain Apple products. iOS before 10. CVE-2016-7594 (An issue was discovered in certain Apple products. iOS before 10.2 is ...) NOT-FOR-US: Apple CVE-2016-7593 - RESERVED + REJECTED CVE-2016-7592 (An issue was discovered in certain Apple products. iOS before 10.2 is ...) - webkit2gtk 2.14.3-1 (unimportant) NOTE: Not covered by security support CVE-2016-7591 (An issue was discovered in certain Apple products. iOS before 10.2 is ...) NOT-FOR-US: Apple CVE-2016-7590 - RESERVED + REJECTED CVE-2016-7589 (An issue was discovered in certain Apple products. iOS before 10.2 is ...) - webkit2gtk 2.14.3-1 (unimportant) NOTE: Not covered by security support @@ -8879,19 +8879,19 @@ CVE-2016-7498 (OpenStack Compute (nova) 13.0.0 does not properly delete instance NOTE: Relates to OSSA-2015-017 (CVE-2015-3280) which was previously fixed NOTE: and then reintroduced with 13.0.0 and refixed in 13.1.0. CVE-2016-7497 - RESERVED + REJECTED CVE-2016-7496 - RESERVED + REJECTED CVE-2016-7495 - RESERVED + REJECTED CVE-2016-7494 - RESERVED + REJECTED CVE-2016-7493 - RESERVED + REJECTED CVE-2016-7492 - RESERVED + REJECTED CVE-2016-7491 - RESERVED + REJECTED CVE-2016-7490 (The installation script studioexpressinstall for Teradata Studio ...) NOT-FOR-US: Teradata Studio Express CVE-2016-7489 (Teradata Virtual Machine Community Edition v15.10's perl script ...) @@ -8899,19 +8899,19 @@ CVE-2016-7489 (Teradata Virtual Machine Community Edition v15.10's perl script . CVE-2016-7488 (Teradata Virtual Machine Community Edition v15.10 has insecure file ...) NOT-FOR-US: Teradata Virtual Machine Community Edition CVE-2016-7487 - RESERVED + REJECTED CVE-2016-7486 - RESERVED + REJECTED CVE-2016-7485 - RESERVED + REJECTED CVE-2016-7484 - RESERVED + REJECTED CVE-2016-7483 - RESERVED + REJECTED CVE-2016-7482 - RESERVED + REJECTED CVE-2016-7481 - RESERVED + REJECTED CVE-2016-7480 (The SplObjectStorage unserialize implementation in ...) - php7.0 7.0.12-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73257 @@ -8940,8 +8940,8 @@ CVE-2016-7478 (Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x CVE-2016-7477 (The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 ...) - libav <removed> (unimportant) NOTE: https://blogs.gentoo.org/ago/2016/09/20/libav-null-pointer-dereference-in-ff_put_pixels8_xy2_mmx-rnd_template-c/ -CVE-2016-7476 - RESERVED +CVE-2016-7476 (The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, ...) + TODO: check CVE-2016-7475 RESERVED CVE-2016-7474 (In some cases the MCPD binary cache in F5 BIG-IP devices may allow a ...) @@ -8961,9 +8961,9 @@ CVE-2016-7468 (An unauthenticated remote attacker may be able to disrupt service CVE-2016-7467 (The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 ...) NOT-FOR-US: F5 CVE-2016-7465 - RESERVED + REJECTED CVE-2016-7464 - RESERVED + REJECTED CVE-2016-7463 (Cross-site scripting (XSS) vulnerability in the Host Client in VMware ...) NOT-FOR-US: VMware CVE-2016-7462 (The Suite REST API in VMware vRealize Operations (aka vROps) 6.x ...) @@ -9301,143 +9301,143 @@ CVE-2016-7369 CVE-2016-7368 RESERVED CVE-2016-7367 - RESERVED + REJECTED CVE-2016-7366 - RESERVED + REJECTED CVE-2016-7365 - RESERVED + REJECTED CVE-2016-7364 - RESERVED + REJECTED CVE-2016-7363 - RESERVED + REJECTED CVE-2016-7362 - RESERVED + REJECTED CVE-2016-7361 - RESERVED + REJECTED CVE-2016-7360 - RESERVED + REJECTED CVE-2016-7359 - RESERVED + REJECTED CVE-2016-7358 - RESERVED + REJECTED CVE-2016-7357 - RESERVED + REJECTED CVE-2016-7356 - RESERVED + REJECTED CVE-2016-7355 - RESERVED + REJECTED CVE-2016-7354 - RESERVED + REJECTED CVE-2016-7353 - RESERVED + REJECTED CVE-2016-7352 - RESERVED + REJECTED CVE-2016-7351 - RESERVED + REJECTED CVE-2016-7350 - RESERVED + REJECTED CVE-2016-7349 - RESERVED + REJECTED CVE-2016-7348 - RESERVED + REJECTED CVE-2016-7347 - RESERVED + REJECTED CVE-2016-7346 - RESERVED + REJECTED CVE-2016-7345 - RESERVED + REJECTED CVE-2016-7344 - RESERVED + REJECTED CVE-2016-7343 - RESERVED + REJECTED CVE-2016-7342 - RESERVED + REJECTED CVE-2016-7341 - RESERVED + REJECTED CVE-2016-7340 - RESERVED + REJECTED CVE-2016-7339 - RESERVED + REJECTED CVE-2016-7338 - RESERVED + REJECTED CVE-2016-7337 - RESERVED + REJECTED CVE-2016-7336 - RESERVED + REJECTED CVE-2016-7335 - RESERVED + REJECTED CVE-2016-7334 - RESERVED + REJECTED CVE-2016-7333 - RESERVED + REJECTED CVE-2016-7332 - RESERVED + REJECTED CVE-2016-7331 - RESERVED + REJECTED CVE-2016-7330 - RESERVED + REJECTED CVE-2016-7329 - RESERVED + REJECTED CVE-2016-7328 - RESERVED + REJECTED CVE-2016-7327 - RESERVED + REJECTED CVE-2016-7326 - RESERVED + REJECTED CVE-2016-7325 - RESERVED + REJECTED CVE-2016-7324 - RESERVED + REJECTED CVE-2016-7323 - RESERVED + REJECTED CVE-2016-7322 - RESERVED + REJECTED CVE-2016-7321 - RESERVED + REJECTED CVE-2016-7320 - RESERVED + REJECTED CVE-2016-7319 - RESERVED + REJECTED CVE-2016-7318 - RESERVED + REJECTED CVE-2016-7317 - RESERVED + REJECTED CVE-2016-7316 - RESERVED + REJECTED CVE-2016-7315 - RESERVED + REJECTED CVE-2016-7314 - RESERVED + REJECTED CVE-2016-7313 - RESERVED + REJECTED CVE-2016-7312 - RESERVED + REJECTED CVE-2016-7311 - RESERVED + REJECTED CVE-2016-7310 - RESERVED + REJECTED CVE-2016-7309 - RESERVED + REJECTED CVE-2016-7308 - RESERVED + REJECTED CVE-2016-7307 - RESERVED + REJECTED CVE-2016-7306 - RESERVED + REJECTED CVE-2016-7305 - RESERVED + REJECTED CVE-2016-7304 - RESERVED + REJECTED CVE-2016-7303 - RESERVED + REJECTED CVE-2016-7302 - RESERVED + REJECTED CVE-2016-7301 - RESERVED + REJECTED CVE-2016-7300 (Untrusted search path vulnerability in Microsoft Auto Updater for Mac ...) NOT-FOR-US: Microsoft Auto Updater for Mac CVE-2016-7299 - RESERVED + REJECTED CVE-2016-7298 (Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for ...) NOT-FOR-US: Microsoft CVE-2016-7297 (The scripting engines in Microsoft Edge allow remote attackers to ...) @@ -9447,7 +9447,7 @@ CVE-2016-7296 (The scripting engines in Microsoft Edge allow remote attackers to CVE-2016-7295 (The Common Log File System (CLFS) driver in Microsoft Windows Vista ...) NOT-FOR-US: Microsoft CVE-2016-7294 - RESERVED + REJECTED CVE-2016-7293 REJECTED CVE-2016-7292 (The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...) @@ -9465,7 +9465,7 @@ CVE-2016-7287 (The scripting engines in Microsoft Internet Explorer 11 and Micro CVE-2016-7286 (The scripting engines in Microsoft Edge allow remote attackers to ...) NOT-FOR-US: Microsoft CVE-2016-7285 - RESERVED + REJECTED CVE-2016-7284 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2016-7283 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) @@ -9497,7 +9497,7 @@ CVE-2016-7271 (The Secure Kernel Mode implementation in Microsoft Windows 10 Gol CVE-2016-7270 (The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 ...) NOT-FOR-US: Microsoft .NET Framework CVE-2016-7269 - RESERVED + REJECTED CVE-2016-7268 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office ...) NOT-FOR-US: Microsoft CVE-2016-7267 (Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses ...) @@ -9513,7 +9513,7 @@ CVE-2016-7263 (Microsoft Excel for Mac 2011 and Excel 2016 for Mac allow remote CVE-2016-7262 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...) NOT-FOR-US: Microsoft CVE-2016-7261 - RESERVED + REJECTED CVE-2016-7260 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...) NOT-FOR-US: Microsoft Windows CVE-2016-7259 (The Graphics Component in the kernel-mode drivers in Microsoft Windows ...) @@ -9621,7 +9621,7 @@ CVE-2016-7209 (Microsoft Edge allows remote attackers to spoof web content via a CVE-2016-7208 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...) NOT-FOR-US: Microsoft CVE-2016-7207 - RESERVED + REJECTED CVE-2016-7206 (Cross-site scripting (XSS) vulnerability in Microsoft Edge allows ...) NOT-FOR-US: Microsoft CVE-2016-7205 (Animation Manager in Microsoft Windows Server 2008 R2 SP1, Windows 7 ...) @@ -9641,7 +9641,7 @@ CVE-2016-7199 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow CVE-2016-7198 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...) NOT-FOR-US: Microsoft CVE-2016-7197 - RESERVED + REJECTED CVE-2016-7196 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote ...) NOT-FOR-US: Microsoft CVE-2016-7195 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...) @@ -9651,7 +9651,7 @@ CVE-2016-7194 (The Chakra JavaScript engine in Microsoft Edge allows remote atta CVE-2016-7193 (Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT ...) NOT-FOR-US: Microsoft CVE-2016-7192 - RESERVED + REJECTED CVE-2016-7191 (The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) ...) NOT-FOR-US: Microsoft Azure Active Directory Passport CVE-2016-7190 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...) @@ -9661,15 +9661,15 @@ CVE-2016-7189 (The Chakra JavaScript engine in Microsoft Edge allows remote atta CVE-2016-7188 (The Standard Collector Service in Windows Diagnostics Hub in Microsoft ...) NOT-FOR-US: Microsoft CVE-2016-7187 - RESERVED + REJECTED CVE-2016-7186 - RESERVED + REJECTED CVE-2016-7185 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...) NOT-FOR-US: Microsoft CVE-2016-7184 (The Common Log File System (CLFS) driver in Microsoft Windows Vista ...) NOT-FOR-US: Microsoft CVE-2016-7183 - RESERVED + REJECTED CVE-2016-7182 (The Graphics component in Microsoft Windows Vista SP2; Windows Server ...) NOT-FOR-US: Microsoft CVE-2016-7181 (Microsoft Edge allows remote attackers to execute arbitrary code or ...) @@ -10422,19 +10422,19 @@ CVE-2016-7030 [DoS attack against kerberized services by abusing password policy CVE-2016-7029 RESERVED CVE-2016-7027 - RESERVED + REJECTED CVE-2016-7026 - RESERVED + REJECTED CVE-2016-7025 - RESERVED + REJECTED CVE-2016-7024 - RESERVED + REJECTED CVE-2016-7023 - RESERVED + REJECTED CVE-2016-7022 - RESERVED + REJECTED CVE-2016-7021 - RESERVED + REJECTED CVE-2016-7020 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...) NOT-FOR-US: Adobe Flash Player CVE-2016-7019 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) @@ -10494,7 +10494,7 @@ CVE-2016-6993 (Use-after-free vulnerability in Adobe Reader and Acrobat before . CVE-2016-6992 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) NOT-FOR-US: Adobe CVE-2016-6991 - RESERVED + REJECTED CVE-2016-6990 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) NOT-FOR-US: Adobe CVE-2016-6989 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...) @@ -10620,7 +10620,7 @@ CVE-2016-6930 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0. CVE-2016-6929 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 ...) NOT-FOR-US: Adobe Flash CVE-2016-6928 - RESERVED + REJECTED CVE-2016-6927 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 ...) NOT-FOR-US: Adobe Flash CVE-2016-6926 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 ...) @@ -11377,7 +11377,7 @@ CVE-2016-6662 (Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x thro CVE-2016-6661 RESERVED CVE-2016-6660 - RESERVED + REJECTED CVE-2016-6659 (Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, ...) NOT-FOR-US: Pivotal CVE-2016-6658 @@ -11389,7 +11389,7 @@ CVE-2016-6656 (An issue was discovered in Pivotal Greenplum before 4.3.10.0. Cre CVE-2016-6655 RESERVED CVE-2016-6654 - RESERVED + REJECTED CVE-2016-6653 (The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) ...) NOT-FOR-US: Pivotal CVE-2016-6652 (SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 ...) @@ -11417,11 +11417,11 @@ CVE-2016-6642 (Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM b CVE-2016-6641 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 ...) NOT-FOR-US: EMC CVE-2016-6640 - RESERVED + REJECTED CVE-2016-6639 (Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP ...) NOT-FOR-US: Pivotal CVE-2016-6638 - RESERVED + REJECTED CVE-2016-6637 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal ...) NOT-FOR-US: Pivotal CVE-2016-6636 (The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) ...) @@ -11853,7 +11853,7 @@ CVE-2016-6582 (The Doorkeeper gem before 4.2.0 for Ruby might allow remote attac NOTE: https://github.com/doorkeeper-gem/doorkeeper/commit/fb938051777a3c9cb071e96fc66458f8f615bd53 NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/875 CVE-2016-6579 - RESERVED + REJECTED CVE-2016-6578 RESERVED CVE-2016-6577 @@ -12351,13 +12351,13 @@ CVE-2016-6392 (Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.1 through 3.9 a CVE-2016-6391 (Cisco IOS 12.2 and 15.0 through 15.3 allows remote attackers to cause ...) NOT-FOR-US: Cisco CVE-2016-6390 - RESERVED + REJECTED CVE-2016-6389 - RESERVED + REJECTED CVE-2016-6388 - RESERVED + REJECTED CVE-2016-6387 - RESERVED + REJECTED CVE-2016-6386 (Cisco IOS XE 3.1 through 3.17 and 16.1 on 64-bit platforms allows ...) NOT-FOR-US: Cisco CVE-2016-6385 (Memory leak in the Smart Install client implementation in Cisco IOS ...) @@ -12365,7 +12365,7 @@ CVE-2016-6385 (Memory leak in the Smart Install client implementation in Cisco I CVE-2016-6384 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 ...) NOT-FOR-US: Cisco CVE-2016-6383 - RESERVED + REJECTED CVE-2016-6382 (Cisco IOS 15.2 through 15.6 and IOS XE 3.6 through 3.17 and 16.1 allow ...) NOT-FOR-US: Cisco CVE-2016-6381 (Cisco IOS 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.18 and ...) @@ -14219,7 +14219,7 @@ CVE-2016-5822 (Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote atta CVE-2016-5821 (Huawei HiSuite before 4.0.4.204_ove (Out of China) and before ...) NOT-FOR-US: Huawei HiSuite CVE-2016-5820 - RESERVED + REJECTED CVE-2016-5819 RESERVED CVE-2016-5818 (An issue was discovered in Schneider Electric PowerLogic PM8ECC device ...) @@ -14243,11 +14243,11 @@ CVE-2016-5810 (upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows r CVE-2016-5809 (An issue was discovered on Schneider Electric IONXXXX series power ...) NOT-FOR-US: Schneider CVE-2016-5808 - RESERVED + REJECTED CVE-2016-5807 (Tollgrade LightHouse SMS before 5.1 patch 3 allows remote ...) NOT-FOR-US: Tollgrade CVE-2016-5806 - RESERVED + REJECTED CVE-2016-5805 (An issue was discovered in Delta Electronics WPLSoft, Versions prior to ...) NOT-FOR-US: Delta Electronics WPLSoft CVE-2016-5804 (Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 ...) @@ -14271,7 +14271,7 @@ CVE-2016-5796 (An issue was discovered in Fatek Automation PM Designer V3 Versio CVE-2016-5795 RESERVED CVE-2016-5794 - RESERVED + REJECTED CVE-2016-5793 (Unquoted Windows search path vulnerability in Moxa Active OPC Server ...) NOT-FOR-US: Moxa CVE-2016-5792 (SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote ...) @@ -15076,7 +15076,7 @@ CVE-2016-5552 (Vulnerability in the Java SE, Java SE Embedded, JRockit component CVE-2016-5551 (Vulnerability in the Solaris Cluster component of Oracle Sun Systems ...) NOT-FOR-US: Solaris CVE-2016-5550 - RESERVED + REJECTED CVE-2016-5549 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - openjdk-8 8u121-b13-1 - openjdk-7 <not-affected> (In the Debian package, the code is removed during build time) @@ -15161,7 +15161,7 @@ CVE-2016-5522 (Unspecified vulnerability in the Oracle Agile PLM component in Or CVE-2016-5521 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...) NOT-FOR-US: Oracle CVE-2016-5520 - RESERVED + REJECTED CVE-2016-5519 (Unspecified vulnerability in the Oracle GlassFish Server component in ...) - glassfish <not-affected> (Vulnerable code not included, see bug #853998) CVE-2016-5518 (Unspecified vulnerability in the Oracle Agile Engineering Data ...) @@ -15213,11 +15213,11 @@ CVE-2016-5498 (Unspecified vulnerability in the RDBMS Security component in Orac CVE-2016-5497 (Unspecified vulnerability in the RDBMS Security component in Oracle ...) NOT-FOR-US: Oracle CVE-2016-5496 - RESERVED + REJECTED CVE-2016-5495 (Unspecified vulnerability in the Oracle Discoverer component in Oracle ...) NOT-FOR-US: Oracle CVE-2016-5494 - RESERVED + REJECTED CVE-2016-5493 (Unspecified vulnerability in the Oracle FLEXCUBE Private Banking ...) NOT-FOR-US: Oracle CVE-2016-5492 (Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) ...) @@ -15235,9 +15235,9 @@ CVE-2016-5487 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local CVE-2016-5486 (Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) ...) NOT-FOR-US: Oracle CVE-2016-5485 - RESERVED + REJECTED CVE-2016-5484 - RESERVED + REJECTED CVE-2016-5483 REJECTED {DSA-3834-1 DLA-916-1} @@ -15261,7 +15261,7 @@ CVE-2016-5480 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local u CVE-2016-5479 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...) NOT-FOR-US: Oracle CVE-2016-5478 - RESERVED + REJECTED CVE-2016-5477 (Unspecified vulnerability in the Oracle GlassFish Server component in ...) - glassfish <not-affected> (Full application server not packaged) CVE-2016-5476 (Unspecified vulnerability in the Oracle Retail Integration Bus ...) @@ -15359,7 +15359,7 @@ CVE-2016-5439 (Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL CVE-2016-5438 - RESERVED + REJECTED CVE-2016-5437 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows ...) - mysql-5.6 <not-affected> (Only affects MySQL 5.7) - mysql-5.5 <not-affected> (Only affects MySQL 5.7) @@ -16700,7 +16700,7 @@ CVE-2016-5127 (Use-after-free vulnerability in ...) - chromium-browser 52.0.2743.82-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2016-5125 - RESERVED + REJECTED CVE-2016-5124 (An issue was discovered in Open-Xchange OX App Suite before ...) NOT-FOR-US: Open-Xchange CVE-2016-5123 @@ -17373,25 +17373,25 @@ CVE-2016-4943 CVE-2016-4942 RESERVED CVE-2016-4941 - RESERVED + REJECTED CVE-2016-4940 - RESERVED + REJECTED CVE-2016-4939 - RESERVED + REJECTED CVE-2016-4938 - RESERVED + REJECTED CVE-2016-4937 - RESERVED + REJECTED CVE-2016-4936 - RESERVED + REJECTED CVE-2016-4935 - RESERVED + REJECTED CVE-2016-4934 - RESERVED + REJECTED CVE-2016-4933 - RESERVED + REJECTED CVE-2016-4932 - RESERVED + REJECTED CVE-2016-4931 (XML entity injection in Junos Space before 15.2R2 allows attackers to ...) NOT-FOR-US: Juniper CVE-2016-4930 (Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 ...) @@ -17593,9 +17593,9 @@ CVE-2016-4838 CVE-2016-4837 (SQL injection vulnerability in the Seed Coupon plugin before 1.6 for ...) NOT-FOR-US: EC-CUBE CVE-2016-4836 - RESERVED + REJECTED CVE-2016-4835 - RESERVED + REJECTED CVE-2016-4834 (modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does ...) NOT-FOR-US: Vtiger CVE-2016-4833 (Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin ...) @@ -17770,7 +17770,7 @@ CVE-2016-4772 (The kernel in Apple iOS before 10, OS X before 10.12, tvOS before CVE-2016-4771 (The kernel in Apple iOS before 10 and OS X before 10.12 allows local ...) NOT-FOR-US: Apple CVE-2016-4770 - RESERVED + REJECTED CVE-2016-4769 (WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 ...) NOT-FOR-US: Webkit as used by Apple CVE-2016-4768 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on ...) @@ -17796,9 +17796,9 @@ CVE-2016-4759 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5 CVE-2016-4758 (WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and ...) NOT-FOR-US: Webkit as used by Apple CVE-2016-4757 - RESERVED + REJECTED CVE-2016-4756 - RESERVED + REJECTED CVE-2016-4755 (Terminal in Apple OS X before 10.12 uses weak permissions for the ...) NOT-FOR-US: Apple CVE-2016-4754 (ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 ...) @@ -17822,7 +17822,7 @@ CVE-2016-4746 (The Keyboards component in Apple iOS before 10 does not properly CVE-2016-4745 (The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does ...) NOT-FOR-US: Apple CVE-2016-4744 - RESERVED + REJECTED CVE-2016-4743 (An issue was discovered in certain Apple products. iOS before 10.2 is ...) - webkit2gtk 2.14.3-1 (unimportant) NOTE: Not covered by security support @@ -17850,7 +17850,7 @@ CVE-2016-4734 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before CVE-2016-4733 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 ...) NOT-FOR-US: Webkit as used by Apple CVE-2016-4732 - RESERVED + REJECTED CVE-2016-4731 (WebKit in Apple iOS before 10 and Safari before 10 allows remote ...) NOT-FOR-US: Webkit as used by Apple CVE-2016-4730 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 ...) @@ -17874,7 +17874,7 @@ CVE-2016-4722 (The IDS - Connectivity component in Apple iOS before 10 and OS X CVE-2016-4721 (An issue was discovered in certain Apple products. iOS before 10.1 is ...) NOT-FOR-US: Apple CVE-2016-4720 - RESERVED + REJECTED CVE-2016-4719 (The GeoServices component in Apple iOS before 10 and watchOS before 3 ...) NOT-FOR-US: Apple CVE-2016-4718 (Buffer overflow in FontParser in Apple iOS before 10, OS X before ...) @@ -17886,7 +17886,7 @@ CVE-2016-4716 (diskutil in DiskArbitration in Apple OS X before 10.12 allows loc CVE-2016-4715 (The Date & Time Pref Pane component in Apple OS X before 10.12 ...) NOT-FOR-US: Apple CVE-2016-4714 - RESERVED + REJECTED CVE-2016-4713 (CoreDisplay in Apple OS X before 10.12 allows attackers to view ...) NOT-FOR-US: Apple CVE-2016-4712 (CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, ...) @@ -17924,7 +17924,7 @@ CVE-2016-4697 (Apple HSSPI Support in Apple OS X before 10.12 allows attackers t CVE-2016-4696 (AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute ...) NOT-FOR-US: Apple CVE-2016-4695 - RESERVED + REJECTED CVE-2016-4694 (The Apache HTTP Server in Apple OS X before 10.12 and OS X Server ...) NOT-FOR-US: Apple CVE assignment to the equivalent of CVE-2016-5387 CVE-2016-4693 (An issue was discovered in certain Apple products. iOS before 10.2 is ...) @@ -17941,13 +17941,13 @@ CVE-2016-4689 (An issue was discovered in certain Apple products. iOS before 10. CVE-2016-4688 (An issue was discovered in certain Apple products. iOS before 10.1 is ...) NOT-FOR-US: Apple CVE-2016-4687 - RESERVED + REJECTED CVE-2016-4686 (An issue was discovered in certain Apple products. iOS before 10.1 is ...) NOT-FOR-US: Apple CVE-2016-4685 (An issue was discovered in certain Apple products. iOS before 10.1 is ...) NOT-FOR-US: Apple CVE-2016-4684 - RESERVED + REJECTED CVE-2016-4683 (An issue was discovered in certain Apple products. macOS before ...) NOT-FOR-US: Apple CVE-2016-4682 (An issue was discovered in certain Apple products. macOS before 10.12 ...) @@ -17971,7 +17971,7 @@ CVE-2016-4674 (An issue was discovered in certain Apple products. macOS before . CVE-2016-4673 (An issue was discovered in certain Apple products. iOS before 10.1 is ...) NOT-FOR-US: Apple CVE-2016-4672 - RESERVED + REJECTED CVE-2016-4671 (An issue was discovered in certain Apple products. macOS before ...) NOT-FOR-US: Apple CVE-2016-4670 (An issue was discovered in certain Apple products. iOS before 10.1 is ...) @@ -17979,7 +17979,7 @@ CVE-2016-4670 (An issue was discovered in certain Apple products. iOS before 10. CVE-2016-4669 (An issue was discovered in certain Apple products. iOS before 10.1 is ...) NOT-FOR-US: Apple CVE-2016-4668 - RESERVED + REJECTED CVE-2016-4667 (An issue was discovered in certain Apple products. macOS before ...) NOT-FOR-US: Apple CVE-2016-4666 (An issue was discovered in certain Apple products. iOS before 10.1 is ...) @@ -17997,7 +17997,7 @@ CVE-2016-4661 (An issue was discovered in certain Apple products. macOS before . CVE-2016-4660 (An issue was discovered in certain Apple products. iOS before 10.1 is ...) NOT-FOR-US: Apple CVE-2016-4659 - RESERVED + REJECTED CVE-2016-4658 (libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and ...) {DSA-3744-1 DLA-691-1} - libxml2 2.9.4+dfsg1-2.1 (bug #840553) @@ -18047,7 +18047,7 @@ CVE-2016-4638 (Login Window in Apple OS X before 10.11.6 allows attackers to gai CVE-2016-4637 (CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS ...) NOT-FOR-US: Apple CVE-2016-4636 - RESERVED + REJECTED CVE-2016-4635 (FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows ...) NOT-FOR-US: Apple CVE-2016-4634 (The Graphics Drivers subsystem in Apple OS X before 10.11.6 allows ...) @@ -18386,7 +18386,7 @@ CVE-2016-4517 CVE-2016-4516 (ABB PCM600 before 2.7 improperly stores the main application password ...) NOT-FOR-US: ABB PCM600 CVE-2016-4515 - RESERVED + REJECTED CVE-2016-4514 (Moxa PT-7728 devices with software 3.4 build 15081113 allow remote ...) NOT-FOR-US: Moxa CVE-2016-4513 (Cross-site scripting (XSS) vulnerability in the Schneider Electric ...) @@ -19669,7 +19669,7 @@ CVE-2016-4055 (The duration function in the moment package before 2.11.2 for Nod - node-moment <unfixed> (unimportant) NOTE: nodejs not covered by security support CVE-2016-4050 - RESERVED + REJECTED CVE-2016-4049 (The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does ...) {DSA-3654-1 DLA-601-1} - quagga 1.0.20160315-2 (bug #822787) @@ -20350,7 +20350,7 @@ CVE-2016-3819 (Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in .. CVE-2016-3818 (libc in Android 4.x before 4.4.4 allows remote attackers to cause a ...) NOT-FOR-US: Android libc CVE-2016-3817 - RESERVED + REJECTED CVE-2016-3816 (The MediaTek display driver in Android before 2016-07-05 on Android ...) NOT-FOR-US: MediaTek driver for Android CVE-2016-3815 (The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 ...) @@ -20406,37 +20406,37 @@ CVE-2016-3793 (The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 CVE-2016-3792 (CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in ...) NOT-FOR-US: Qualcomm driver for Android CVE-2016-3791 - RESERVED + REJECTED CVE-2016-3790 - RESERVED + REJECTED CVE-2016-3789 - RESERVED + REJECTED CVE-2016-3788 - RESERVED + REJECTED CVE-2016-3787 - RESERVED + REJECTED CVE-2016-3786 - RESERVED + REJECTED CVE-2016-3785 - RESERVED + REJECTED CVE-2016-3784 - RESERVED + REJECTED CVE-2016-3783 - RESERVED + REJECTED CVE-2016-3782 - RESERVED + REJECTED CVE-2016-3781 - RESERVED + REJECTED CVE-2016-3780 - RESERVED + REJECTED CVE-2016-3779 - RESERVED + REJECTED CVE-2016-3778 - RESERVED + REJECTED CVE-2016-3777 - RESERVED + REJECTED CVE-2016-3776 - RESERVED + REJECTED CVE-2016-3775 (The kernel filesystem implementation in Android before 2016-07-05 on ...) - linux <undetermined> NOTE: https://source.android.com/security/bulletin/2016-07-01.html @@ -20717,7 +20717,7 @@ CVE-2016-3689 (The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu NOTE: https://bugzilla.novell.com/show_bug.cgi?id=971628 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1320060 CVE-2016-3682 - RESERVED + REJECTED CVE-2016-3681 (Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before ...) NOT-FOR-US: Huawei CVE-2016-3680 (Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before ...) @@ -20734,7 +20734,7 @@ CVE-2016-3676 (Huawei E3276s USB modems with software before ...) CVE-2016-3675 (SQL injection vulnerability in Huawei Policy Center with software ...) NOT-FOR-US: Huawei CVE-2016-3673 - RESERVED + REJECTED CVE-2016-3672 (The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux ...) {DSA-3607-1 DLA-516-1} - linux 4.5.1-1 @@ -20877,7 +20877,7 @@ CVE-2016-3630 (The binary delta decoder in Mercurial before 3.7.3 allows remote NOTE: https://selenic.com/repo/hg-stable/rev/b6ed2505d6cf (1/2) NOTE: https://selenic.com/repo/hg-stable/rev/b9714d958e89 (2/2) CVE-2016-3629 - RESERVED + REJECTED CVE-2016-3628 (Buffer overflow in tibemsd in the server in TIBCO Enterprise Message ...) NOT-FOR-US: TIBCO CVE-2016-3626 @@ -20993,19 +20993,19 @@ CVE-2016-3606 (Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Ja [experimental] - openjdk-7 7u111-2.6.7-1 - openjdk-7 <removed> CVE-2016-3605 - RESERVED + REJECTED CVE-2016-3604 - RESERVED + REJECTED CVE-2016-3603 - RESERVED + REJECTED CVE-2016-3602 - RESERVED + REJECTED CVE-2016-3601 - RESERVED + REJECTED CVE-2016-3600 - RESERVED + REJECTED CVE-2016-3599 - RESERVED + REJECTED CVE-2016-3598 (Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded ...) {DSA-3641-1 DLA-579-1} - openjdk-8 8u102-b14-1 @@ -21505,13 +21505,13 @@ CVE-2016-3399 CVE-2016-3398 RESERVED CVE-2016-3397 - RESERVED + REJECTED CVE-2016-3396 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...) NOT-FOR-US: Microsoft CVE-2016-3395 - RESERVED + REJECTED CVE-2016-3394 - RESERVED + REJECTED CVE-2016-3393 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...) NOT-FOR-US: Microsoft CVE-2016-3392 (The Edge Content Security Policy feature in Microsoft Edge does not ...) @@ -21539,7 +21539,7 @@ CVE-2016-3382 (The scripting engines in Microsoft Internet Explorer 9 through 11 CVE-2016-3381 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...) NOT-FOR-US: Microsoft CVE-2016-3380 - RESERVED + REJECTED CVE-2016-3379 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server ...) NOT-FOR-US: Microsoft CVE-2016-3378 (Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, ...) @@ -21605,7 +21605,7 @@ CVE-2016-3349 (The kernel-mode drivers in Microsoft Windows 8.1, Windows Server CVE-2016-3348 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...) NOT-FOR-US: Microsoft CVE-2016-3347 - RESERVED + REJECTED CVE-2016-3346 (Microsoft Windows 10 Gold, 1511, and 1607 does not properly enforce ...) NOT-FOR-US: Microsoft CVE-2016-3345 (The SMBv1 server in Microsoft Windows Vista SP2, Windows Server 2008 ...) @@ -21621,13 +21621,13 @@ CVE-2016-3341 (The kernel-mode drivers in Transaction Manager in Microsoft Windo CVE-2016-3340 (The Common Log File System (CLFS) driver in Microsoft Windows Vista ...) NOT-FOR-US: Microsoft CVE-2016-3339 - RESERVED + REJECTED CVE-2016-3338 (The Common Log File System (CLFS) driver in Microsoft Windows Vista ...) NOT-FOR-US: Microsoft CVE-2016-3337 - RESERVED + REJECTED CVE-2016-3336 - RESERVED + REJECTED CVE-2016-3335 (The Common Log File System (CLFS) driver in Microsoft Windows Vista ...) NOT-FOR-US: Microsoft CVE-2016-3334 (The Common Log File System (CLFS) driver in Microsoft Windows Vista ...) @@ -21643,7 +21643,7 @@ CVE-2016-3330 (Microsoft Edge allows remote attackers to execute arbitrary code CVE-2016-3329 (Microsoft Internet Explorer 9 through 11 and Edge allow remote ...) NOT-FOR-US: Microsoft CVE-2016-3328 - RESERVED + REJECTED CVE-2016-3327 (Microsoft Internet Explorer 9 through 11 and Edge allow remote ...) NOT-FOR-US: Microsoft CVE-2016-3326 (Microsoft Internet Explorer 9 through 11 and Edge allow remote ...) @@ -21653,7 +21653,7 @@ CVE-2016-3325 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote .. CVE-2016-3324 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2016-3323 - RESERVED + REJECTED CVE-2016-3322 (Microsoft Internet Explorer 11 and Edge allow remote attackers to ...) NOT-FOR-US: Microsoft CVE-2016-3321 (Microsoft Internet Explorer 10 and 11 load different files for ...) @@ -21671,7 +21671,7 @@ CVE-2016-3316 (Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allo CVE-2016-3315 (Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and ...) NOT-FOR-US: Microsoft CVE-2016-3314 - RESERVED + REJECTED CVE-2016-3313 (Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, ...) NOT-FOR-US: Microsoft CVE-2016-3312 (ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows ...) @@ -21685,7 +21685,7 @@ CVE-2016-3309 (The kernel-mode drivers in Microsoft Windows Vista SP2; Windows S CVE-2016-3308 (The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server ...) NOT-FOR-US: Microsoft CVE-2016-3307 - RESERVED + REJECTED CVE-2016-3306 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...) NOT-FOR-US: Microsoft CVE-2016-3305 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...) @@ -21729,7 +21729,7 @@ CVE-2016-3287 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows R CVE-2016-3286 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...) NOT-FOR-US: Microsoft CVE-2016-3285 - RESERVED + REJECTED CVE-2016-3284 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...) NOT-FOR-US: Microsoft CVE-2016-3283 (Microsoft Word Viewer allows remote attackers to execute arbitrary ...) @@ -21749,7 +21749,7 @@ CVE-2016-3277 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow re CVE-2016-3276 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote ...) NOT-FOR-US: Microsoft CVE-2016-3275 - RESERVED + REJECTED CVE-2016-3274 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...) NOT-FOR-US: Microsoft CVE-2016-3273 (The XSS Filter in Microsoft Internet Explorer 9 through 11 and ...) @@ -21763,7 +21763,7 @@ CVE-2016-3270 (The Graphics component in the kernel in Microsoft Windows Vista S CVE-2016-3269 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...) NOT-FOR-US: Microsoft CVE-2016-3268 - RESERVED + REJECTED CVE-2016-3267 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...) NOT-FOR-US: Microsoft CVE-2016-3266 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...) @@ -21785,7 +21785,7 @@ CVE-2016-3259 (The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScr CVE-2016-3258 (Race condition in the kernel in Microsoft Windows 8.1, Windows Server ...) NOT-FOR-US: Microsoft CVE-2016-3257 - RESERVED + REJECTED CVE-2016-3256 (Microsoft Windows 10 Gold and 1511 allows local users to bypass the ...) NOT-FOR-US: Microsoft CVE-2016-3255 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 ...) @@ -21793,7 +21793,7 @@ CVE-2016-3255 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6 CVE-2016-3254 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...) NOT-FOR-US: Microsoft CVE-2016-3253 - RESERVED + REJECTED CVE-2016-3252 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...) NOT-FOR-US: Microsoft CVE-2016-3251 (The GDI component in the kernel-mode drivers in Microsoft Windows ...) @@ -21841,7 +21841,7 @@ CVE-2016-3231 (The Standard Collector service in Windows Diagnostics Hub mishand CVE-2016-3230 (The Search component in Microsoft Windows 7, Windows Server 2008 R2 ...) NOT-FOR-US: Microsoft CVE-2016-3229 - RESERVED + REJECTED CVE-2016-3228 (Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 ...) NOT-FOR-US: Microsoft CVE-2016-3227 (Use-after-free vulnerability in the DNS Server component in Microsoft ...) @@ -21851,7 +21851,7 @@ CVE-2016-3226 (Active Directory in Microsoft Windows Server 2008 R2 SP1 and Serv CVE-2016-3225 (The SMB server component in Microsoft Windows Vista SP2, Windows ...) NOT-FOR-US: Microsoft CVE-2016-3224 - RESERVED + REJECTED CVE-2016-3223 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...) NOT-FOR-US: Microsoft CVE-2016-3222 (Microsoft Edge allows remote attackers to execute arbitrary code or ...) @@ -21865,7 +21865,7 @@ CVE-2016-3219 (The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allo CVE-2016-3218 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...) NOT-FOR-US: Microsoft CVE-2016-3217 - RESERVED + REJECTED CVE-2016-3216 (GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, ...) NOT-FOR-US: Microsoft CVE-2016-3215 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 ...) @@ -21883,7 +21883,7 @@ CVE-2016-3210 (The Microsoft (1) JScript and (2) VBScript engines, as used in .. CVE-2016-3209 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...) NOT-FOR-US: Microsoft CVE-2016-3208 - RESERVED + REJECTED CVE-2016-3207 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as ...) NOT-FOR-US: Microsoft CVE-2016-3206 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as ...) @@ -21899,7 +21899,7 @@ CVE-2016-3202 (The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScrip CVE-2016-3201 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 ...) NOT-FOR-US: Microsoft CVE-2016-3200 - RESERVED + REJECTED CVE-2016-3199 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...) NOT-FOR-US: Microsoft CVE-2016-3198 (Microsoft Edge allows remote attackers to bypass the Content Security ...) @@ -23247,405 +23247,405 @@ CVE-2016-2774 (ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3. NOTE: https://kb.isc.org/article/AA-01354 NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=0b209ea5cc333255e055113fa2ad636dda681a21 CVE-2016-2773 - RESERVED + REJECTED CVE-2016-2772 - RESERVED + REJECTED CVE-2016-2771 - RESERVED + REJECTED CVE-2016-2770 - RESERVED + REJECTED CVE-2016-2769 - RESERVED + REJECTED CVE-2016-2768 - RESERVED + REJECTED CVE-2016-2767 - RESERVED + REJECTED CVE-2016-2766 - RESERVED + REJECTED CVE-2016-2765 - RESERVED + REJECTED CVE-2016-2764 - RESERVED + REJECTED CVE-2016-2763 - RESERVED + REJECTED CVE-2016-2762 - RESERVED + REJECTED CVE-2016-2761 - RESERVED + REJECTED CVE-2016-2760 - RESERVED + REJECTED CVE-2016-2759 - RESERVED + REJECTED CVE-2016-2758 - RESERVED + REJECTED CVE-2016-2757 - RESERVED + REJECTED CVE-2016-2756 - RESERVED + REJECTED CVE-2016-2755 - RESERVED + REJECTED CVE-2016-2754 - RESERVED + REJECTED CVE-2016-2753 - RESERVED + REJECTED CVE-2016-2752 - RESERVED + REJECTED CVE-2016-2751 - RESERVED + REJECTED CVE-2016-2750 - RESERVED + REJECTED CVE-2016-2749 - RESERVED + REJECTED CVE-2016-2748 - RESERVED + REJECTED CVE-2016-2747 - RESERVED + REJECTED CVE-2016-2746 - RESERVED + REJECTED CVE-2016-2745 - RESERVED + REJECTED CVE-2016-2744 - RESERVED + REJECTED CVE-2016-2743 - RESERVED + REJECTED CVE-2016-2742 - RESERVED + REJECTED CVE-2016-2741 - RESERVED + REJECTED CVE-2016-2740 - RESERVED + REJECTED CVE-2016-2739 - RESERVED + REJECTED CVE-2016-2738 - RESERVED + REJECTED CVE-2016-2737 - RESERVED + REJECTED CVE-2016-2736 - RESERVED + REJECTED CVE-2016-2735 - RESERVED + REJECTED CVE-2016-2734 - RESERVED + REJECTED CVE-2016-2733 - RESERVED + REJECTED CVE-2016-2732 - RESERVED + REJECTED CVE-2016-2731 - RESERVED + REJECTED CVE-2016-2730 - RESERVED + REJECTED CVE-2016-2729 - RESERVED + REJECTED CVE-2016-2728 - RESERVED + REJECTED CVE-2016-2727 - RESERVED + REJECTED CVE-2016-2726 - RESERVED + REJECTED CVE-2016-2725 - RESERVED + REJECTED CVE-2016-2724 - RESERVED + REJECTED CVE-2016-2723 - RESERVED + REJECTED CVE-2016-2722 - RESERVED + REJECTED CVE-2016-2721 - RESERVED + REJECTED CVE-2016-2720 - RESERVED + REJECTED CVE-2016-2719 - RESERVED + REJECTED CVE-2016-2718 - RESERVED + REJECTED CVE-2016-2717 - RESERVED + REJECTED CVE-2016-2716 - RESERVED + REJECTED CVE-2016-2715 - RESERVED + REJECTED CVE-2016-2714 - RESERVED + REJECTED CVE-2016-2713 - RESERVED + REJECTED CVE-2016-2712 - RESERVED + REJECTED CVE-2016-2711 - RESERVED + REJECTED CVE-2016-2710 - RESERVED + REJECTED CVE-2016-2709 - RESERVED + REJECTED CVE-2016-2708 - RESERVED + REJECTED CVE-2016-2707 - RESERVED + REJECTED CVE-2016-2706 - RESERVED + REJECTED CVE-2016-2705 - RESERVED + REJECTED CVE-2016-2704 - RESERVED + REJECTED CVE-2016-2703 - RESERVED + REJECTED CVE-2016-2702 - RESERVED + REJECTED CVE-2016-2701 - RESERVED + REJECTED CVE-2016-2700 - RESERVED + REJECTED CVE-2016-2699 - RESERVED + REJECTED CVE-2016-2698 - RESERVED + REJECTED CVE-2016-2697 - RESERVED + REJECTED CVE-2016-2696 - RESERVED + REJECTED CVE-2016-2695 - RESERVED + REJECTED CVE-2016-2694 - RESERVED + REJECTED CVE-2016-2693 - RESERVED + REJECTED CVE-2016-2692 - RESERVED + REJECTED CVE-2016-2691 - RESERVED + REJECTED CVE-2016-2690 - RESERVED + REJECTED CVE-2016-2689 - RESERVED + REJECTED CVE-2016-2688 - RESERVED + REJECTED CVE-2016-2687 - RESERVED + REJECTED CVE-2016-2686 - RESERVED + REJECTED CVE-2016-2685 - RESERVED + REJECTED CVE-2016-2684 - RESERVED + REJECTED CVE-2016-2683 - RESERVED + REJECTED CVE-2016-2682 - RESERVED + REJECTED CVE-2016-2681 - RESERVED + REJECTED CVE-2016-2680 - RESERVED + REJECTED CVE-2016-2679 - RESERVED + REJECTED CVE-2016-2678 - RESERVED + REJECTED CVE-2016-2677 - RESERVED + REJECTED CVE-2016-2676 - RESERVED + REJECTED CVE-2016-2675 - RESERVED + REJECTED CVE-2016-2674 - RESERVED + REJECTED CVE-2016-2673 - RESERVED + REJECTED CVE-2016-2672 - RESERVED + REJECTED CVE-2016-2671 - RESERVED + REJECTED CVE-2016-2670 - RESERVED + REJECTED CVE-2016-2669 - RESERVED + REJECTED CVE-2016-2668 - RESERVED + REJECTED CVE-2016-2667 - RESERVED + REJECTED CVE-2016-2666 - RESERVED + REJECTED CVE-2016-2665 - RESERVED + REJECTED CVE-2016-2664 - RESERVED + REJECTED CVE-2016-2663 - RESERVED + REJECTED CVE-2016-2662 - RESERVED + REJECTED CVE-2016-2661 - RESERVED + REJECTED CVE-2016-2660 - RESERVED + REJECTED CVE-2016-2659 - RESERVED + REJECTED CVE-2016-2658 - RESERVED + REJECTED CVE-2016-2657 - RESERVED + REJECTED CVE-2016-2656 - RESERVED + REJECTED CVE-2016-2655 - RESERVED + REJECTED CVE-2016-2654 - RESERVED + REJECTED CVE-2016-2653 - RESERVED + REJECTED CVE-2016-2652 - RESERVED + REJECTED CVE-2016-2651 - RESERVED + REJECTED CVE-2016-2650 - RESERVED + REJECTED CVE-2016-2649 - RESERVED + REJECTED CVE-2016-2648 - RESERVED + REJECTED CVE-2016-2647 - RESERVED + REJECTED CVE-2016-2646 - RESERVED + REJECTED CVE-2016-2645 - RESERVED + REJECTED CVE-2016-2644 - RESERVED + REJECTED CVE-2016-2643 - RESERVED + REJECTED CVE-2016-2642 - RESERVED + REJECTED CVE-2016-2641 - RESERVED + REJECTED CVE-2016-2640 - RESERVED + REJECTED CVE-2016-2639 - RESERVED + REJECTED CVE-2016-2638 - RESERVED + REJECTED CVE-2016-2637 - RESERVED + REJECTED CVE-2016-2636 - RESERVED + REJECTED CVE-2016-2635 - RESERVED + REJECTED CVE-2016-2634 - RESERVED + REJECTED CVE-2016-2633 - RESERVED + REJECTED CVE-2016-2632 - RESERVED + REJECTED CVE-2016-2631 - RESERVED + REJECTED CVE-2016-2630 - RESERVED + REJECTED CVE-2016-2629 - RESERVED + REJECTED CVE-2016-2628 - RESERVED + REJECTED CVE-2016-2627 - RESERVED + REJECTED CVE-2016-2626 - RESERVED + REJECTED CVE-2016-2625 - RESERVED + REJECTED CVE-2016-2624 - RESERVED + REJECTED CVE-2016-2623 - RESERVED + REJECTED CVE-2016-2622 - RESERVED + REJECTED CVE-2016-2621 - RESERVED + REJECTED CVE-2016-2620 - RESERVED + REJECTED CVE-2016-2619 - RESERVED + REJECTED CVE-2016-2618 - RESERVED + REJECTED CVE-2016-2617 - RESERVED + REJECTED CVE-2016-2616 - RESERVED + REJECTED CVE-2016-2615 - RESERVED + REJECTED CVE-2016-2614 - RESERVED + REJECTED CVE-2016-2613 - RESERVED + REJECTED CVE-2016-2612 - RESERVED + REJECTED CVE-2016-2611 - RESERVED + REJECTED CVE-2016-2610 - RESERVED + REJECTED CVE-2016-2609 - RESERVED + REJECTED CVE-2016-2608 - RESERVED + REJECTED CVE-2016-2607 - RESERVED + REJECTED CVE-2016-2606 - RESERVED + REJECTED CVE-2016-2605 - RESERVED + REJECTED CVE-2016-2604 - RESERVED + REJECTED CVE-2016-2603 - RESERVED + REJECTED CVE-2016-2602 - RESERVED + REJECTED CVE-2016-2601 - RESERVED + REJECTED CVE-2016-2600 - RESERVED + REJECTED CVE-2016-2599 - RESERVED + REJECTED CVE-2016-2598 - RESERVED + REJECTED CVE-2016-2597 - RESERVED + REJECTED CVE-2016-2596 - RESERVED + REJECTED CVE-2016-2595 - RESERVED + REJECTED CVE-2016-2594 - RESERVED + REJECTED CVE-2016-2593 - RESERVED + REJECTED CVE-2016-2592 - RESERVED + REJECTED CVE-2016-2591 - RESERVED + REJECTED CVE-2016-2590 - RESERVED + REJECTED CVE-2016-2589 - RESERVED + REJECTED CVE-2016-2588 - RESERVED + REJECTED CVE-2016-2587 - RESERVED + REJECTED CVE-2016-2586 - RESERVED + REJECTED CVE-2016-2585 - RESERVED + REJECTED CVE-2016-2584 - RESERVED + REJECTED CVE-2016-2583 - RESERVED + REJECTED CVE-2016-2582 - RESERVED + REJECTED CVE-2016-2581 - RESERVED + REJECTED CVE-2016-2580 - RESERVED + REJECTED CVE-2016-2579 - RESERVED + REJECTED CVE-2016-2578 - RESERVED + REJECTED CVE-2016-2577 - RESERVED + REJECTED CVE-2016-2576 - RESERVED + REJECTED CVE-2016-2575 - RESERVED + REJECTED CVE-2016-2574 - RESERVED + REJECTED CVE-2016-XXXX [unsafe use of /tmp] - wine <unfixed> (unimportant; bug #816034) - wine-development <unfixed> (unimportant; bug #816034) @@ -24206,7 +24206,7 @@ CVE-2016-2457 (server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x befor CVE-2016-2456 (The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One ...) NOT-FOR-US: Android CVE-2016-2455 - RESERVED + REJECTED CVE-2016-2454 (The Qualcomm hardware video codec in Android before 2016-05-01 on ...) NOT-FOR-US: Android CVE-2016-2453 (The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One ...) @@ -24302,7 +24302,7 @@ CVE-2016-2409 (A Texas Instruments (TI) haptic kernel driver in Android 6.x befo CVE-2016-2408 (An unspecified client-side component in Pulse Secure Desktop Client ...) NOT-FOR-US: Pulse Secure Desktop Client CVE-2016-2407 - RESERVED + REJECTED CVE-2016-2406 (The permission control module in Huawei Document Security Management ...) NOT-FOR-US: Huawei CVE-2016-2405 (Huawei Policy Center with software before V100R003C10SPC020 allows ...) @@ -24827,7 +24827,7 @@ CVE-2016-2286 (Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 0912071 CVE-2016-2285 (Cross-site request forgery (CSRF) vulnerability on Moxa ...) NOT-FOR-US: Moxa CVE-2016-2284 - RESERVED + REJECTED CVE-2016-2283 (Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration ...) NOT-FOR-US: Moxa ioLogik E2200 devices CVE-2016-2282 (Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration ...) @@ -24843,13 +24843,13 @@ CVE-2016-2278 (Schneider Electric Struxureware Building Operations Automation Se CVE-2016-2277 (IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) ...) NOT-FOR-US: Rockwell CVE-2016-2276 - RESERVED + REJECTED CVE-2016-2275 (The web interface on Advantech/B+B SmartWorx VESP211-EU devices with ...) NOT-FOR-US: SmartWorx CVE-2016-2274 (An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base ...) NOT-FOR-US: Adcon CVE-2016-2273 - RESERVED + REJECTED CVE-2016-2272 (Eaton Lighting EG2 Web Control 4.04P and earlier allows remote ...) NOT-FOR-US: Eaton Lighting CVE-2016-2271 (VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows ...) @@ -25323,29 +25323,29 @@ CVE-2016-2139 CVE-2016-2138 RESERVED CVE-2016-2137 - RESERVED + REJECTED CVE-2016-2136 - RESERVED + REJECTED CVE-2016-2135 - RESERVED + REJECTED CVE-2016-2134 - RESERVED + REJECTED CVE-2016-2133 - RESERVED + REJECTED CVE-2016-2132 - RESERVED + REJECTED CVE-2016-2131 - RESERVED + REJECTED CVE-2016-2130 - RESERVED + REJECTED CVE-2016-2129 - RESERVED + REJECTED CVE-2016-2128 - RESERVED + REJECTED CVE-2016-2127 - RESERVED + REJECTED CVE-2016-2126 [Flaws in Kerberos PAC validation can trigger privilege elevation] - RESERVED + REJECTED {DSA-3740-1} - samba 2:4.5.2+dfsg-2 [wheezy] - samba <not-affected> (Affects only Samba 4.0.0 to 4.5.2) @@ -25598,13 +25598,13 @@ CVE-2016-2085 (The evm_verify_hmac function in security/integrity/evm/evm_main.c CVE-2016-2084 (F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM ...) NOT-FOR-US: F5 BIG-IP CVE-2016-2083 - RESERVED + REJECTED CVE-2016-2082 (Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log ...) NOT-FOR-US: VMware CVE-2016-2081 (Cross-site scripting (XSS) vulnerability in VMware vRealize Log ...) NOT-FOR-US: VMware CVE-2016-2080 - RESERVED + REJECTED CVE-2016-2079 (VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge ...) NOT-FOR-US: VMware CVE-2016-2078 (Cross-site scripting (XSS) vulnerability in the Web Client in VMware ...) @@ -25787,7 +25787,7 @@ CVE-2016-2047 (The ssl_verify_server_cert function in sql-common/client.c in Mar [squeeze] - mysql-5.5 <no-dsa> (will be fixed along with an upcoming Oracle CPU) NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-2035 - RESERVED + REJECTED CVE-2016-2034 RESERVED CVE-2016-2033 @@ -26458,7 +26458,7 @@ CVE-2016-1847 (OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, t CVE-2016-1846 (The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics ...) NOT-FOR-US: Apple CVE-2016-1845 - RESERVED + REJECTED CVE-2016-1844 (The Messages component in Apple OS X before 10.11.5 mishandles roster ...) NOT-FOR-US: Apple CVE-2016-1843 (The Messages component in Apple OS X before 10.11.5 mishandles ...) @@ -26708,7 +26708,7 @@ CVE-2016-1741 (The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X CVE-2016-1740 (FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before ...) NOT-FOR-US: Apple CVE-2016-1739 - RESERVED + REJECTED CVE-2016-1738 (dyld in Apple OS X before 10.11.4 allows attackers to bypass a ...) NOT-FOR-US: Apple CVE-2016-1737 (Carbon in Apple OS X before 10.11.4 allows remote attackers to execute ...) @@ -27307,13 +27307,13 @@ CVE-2016-1593 (Directory traversal vulnerability in the import users feature in CVE-2016-1592 (XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote ...) NOT-FOR-US: NetIQ Designer CVE-2016-1591 - RESERVED + REJECTED CVE-2016-1590 - RESERVED + REJECTED CVE-2016-1589 - RESERVED + REJECTED CVE-2016-1588 - RESERVED + REJECTED CVE-2016-1587 RESERVED CVE-2016-1586 @@ -27356,7 +27356,7 @@ CVE-2016-1575 (The overlayfs implementation in the Linux kernel through 4.5.2 do NOTE: http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation/ NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360 CVE-2016-1574 - RESERVED + REJECTED CVE-2016-1573 RESERVED CVE-2016-1572 (mount.ecryptfs_private.c in eCryptfs-utils does not validate mount ...) @@ -27992,7 +27992,7 @@ CVE-2016-1334 (Cisco Small Business 500 Wireless Access Point devices with firmw CVE-2016-1333 (Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid routers ...) NOT-FOR-US: Cisco IOS CVE-2016-1332 - RESERVED + REJECTED CVE-2016-1331 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency ...) NOT-FOR-US: Cisco Emergency Responder CVE-2016-1330 (Cisco IOS 15.2(4)E on Industrial Ethernet 2000 devices allows remote ...) @@ -28195,7 +28195,7 @@ CVE-2016-1251 (There is a vulnerability of type use-after-free affecting DBD::my NOTE: Only an issue with mysql_server_prepare=1 NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1 (4.041) CVE-2016-1250 - RESERVED + REJECTED CVE-2016-1249 (The DBD::mysql module before 4.039 for Perl, when using server-side ...) - libdbd-mysql-perl 4.039-1 (bug #844475) [jessie] - libdbd-mysql-perl <no-dsa> (Minor issue) @@ -28435,15 +28435,15 @@ CVE-2016-1168 (Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF80 CVE-2016-1167 (Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP ...) NOT-FOR-US: NEC CVE-2016-1166 - RESERVED + REJECTED CVE-2016-1165 - RESERVED + REJECTED CVE-2016-1164 - RESERVED + REJECTED CVE-2016-1163 - RESERVED + REJECTED CVE-2016-1162 - RESERVED + REJECTED CVE-2016-1161 (Cross-site request forgery (CSRF) vulnerability in ManageEngine ...) NOT-FOR-US: ManageEngine Password Manager Pro CVE-2016-1160 (Cross-site scripting (XSS) vulnerability in the WP Favorite Posts ...) @@ -28473,9 +28473,9 @@ CVE-2016-1149 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 . CVE-2016-1148 (Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL ...) NOT-FOR-US: Akerun CVE-2016-1147 - RESERVED + REJECTED CVE-2016-1146 - RESERVED + REJECTED CVE-2016-1145 (Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER ...) NOT-FOR-US: NEC EXPRESSCLUSTER CVE-2016-1144 (Cross-site scripting (XSS) vulnerability in JOB-CUBE -JOB WEB SYSTEM ...) @@ -29009,9 +29009,9 @@ CVE-2016-0887 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4. CVE-2016-0886 (EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows ...) NOT-FOR-US: EMC Documentum CVE-2016-0885 - RESERVED + REJECTED CVE-2016-0884 - RESERVED + REJECTED CVE-2016-0883 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before ...) NOT-FOR-US: Pivotal Cloud Foundry CVE-2016-0882 (EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows ...) @@ -29019,7 +29019,7 @@ CVE-2016-0882 (EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 al CVE-2016-0881 (EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows ...) NOT-FOR-US: EMC Documentum CVE-2016-0880 - RESERVED + REJECTED CVE-2016-0879 (Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies ...) NOT-FOR-US: Moxa CVE-2016-0878 (Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote ...) @@ -29089,7 +29089,7 @@ CVE-2016-0847 (The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before CVE-2016-0846 (libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x ...) NOT-FOR-US: Android CVE-2016-0845 - RESERVED + REJECTED CVE-2016-0844 (The Qualcomm RF driver in Android 6.x before 2016-04-01 does not ...) NOT-FOR-US: Qualcomm driver for Android CVE-2016-0843 (The Qualcomm ARM processor performance-event manager in Android 4.x ...) @@ -29684,7 +29684,7 @@ CVE-2016-0672 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking . CVE-2016-0671 (Unspecified vulnerability in the Oracle HTTP Server component in ...) NOT-FOR-US: Oracle CVE-2016-0670 - RESERVED + REJECTED CVE-2016-0669 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...) NOT-FOR-US: Solaris CVE-2016-0668 (Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and ...) @@ -29710,7 +29710,7 @@ CVE-2016-0665 (Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and MySQL 5.7) NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0664 - RESERVED + REJECTED CVE-2016-0663 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows ...) - mysql-5.6 <not-affected> (Only affects MySQL 5.7) - mysql-5.5 <not-affected> (Only affects MySQL 5.7) @@ -29724,7 +29724,7 @@ CVE-2016-0661 (Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and MySQL 5.7) NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0660 - RESERVED + REJECTED CVE-2016-0659 (Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows ...) - mysql-5.6 <not-affected> (Only affects MySQL 5.7) - mysql-5.5 <not-affected> (Only affects MySQL 5.7) @@ -29804,7 +29804,7 @@ CVE-2016-0646 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6 - mariadb-10.0 10.0.24-1 NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0645 - RESERVED + REJECTED CVE-2016-0644 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 ...) {DSA-3595-1 DSA-3557-1 DLA-447-1} - mysql-5.6 5.6.30-1 (bug #821094) @@ -29845,7 +29845,7 @@ CVE-2016-0639 (Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and CVE-2016-0638 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) NOT-FOR-US: Oracle CVE-2016-0637 - RESERVED + REJECTED CVE-2016-0636 (Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 ...) {DSA-3558-1 DLA-451-1} - openjdk-8 8u77-b03-1 @@ -29870,35 +29870,35 @@ CVE-2016-0634 [bash prompt expanding return value from gethostname()] NOTE: exploit various other system components anyway NOTE: Fixed by (4.3): https://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-047 CVE-2016-0633 - RESERVED + REJECTED CVE-2016-0632 - RESERVED + REJECTED CVE-2016-0631 - RESERVED + REJECTED CVE-2016-0630 - RESERVED + REJECTED CVE-2016-0629 - RESERVED + REJECTED CVE-2016-0628 - RESERVED + REJECTED CVE-2016-0627 - RESERVED + REJECTED CVE-2016-0626 - RESERVED + REJECTED CVE-2016-0625 - RESERVED + REJECTED CVE-2016-0624 - RESERVED + REJECTED CVE-2016-0623 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote ...) NOT-FOR-US: Solaris CVE-2016-0622 - RESERVED + REJECTED CVE-2016-0621 - RESERVED + REJECTED CVE-2016-0620 - RESERVED + REJECTED CVE-2016-0619 - RESERVED + REJECTED CVE-2016-0618 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...) NOT-FOR-US: Oracle Sun Solaris CVE-2016-0617 (Unspecified vulnerability in the kernel-uek component in Oracle Linux ...) @@ -29915,13 +29915,13 @@ CVE-2016-0616 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and - mariadb-10.0 10.0.23-1 NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL CVE-2016-0615 - RESERVED + REJECTED CVE-2016-0614 (Unspecified vulnerability in the Oracle BI Publisher component in ...) NOT-FOR-US: Oracle CVE-2016-0613 - RESERVED + REJECTED CVE-2016-0612 - RESERVED + REJECTED CVE-2016-0611 (Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 ...) - mysql-5.6 5.6.28-1 (bug #811443) - mysql-5.5 <not-affected> (Only affects MySQL 5.6) @@ -29959,7 +29959,7 @@ CVE-2016-0605 (Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allo - mysql-5.5 <not-affected> (Only affects MySQL 5.6) NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL CVE-2016-0604 - RESERVED + REJECTED CVE-2016-0603 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...) - openjdk-8 <not-affected> (Java on Windows) - openjdk-7 <not-affected> (Java on Windows) @@ -30008,7 +30008,7 @@ CVE-2016-0594 (Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allo - mysql-5.5 <not-affected> (Only affects MySQL 5.6) NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL CVE-2016-0593 - RESERVED + REJECTED CVE-2016-0592 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...) {DSA-3454-1} - virtualbox 5.0.14-dfsg-1 @@ -30418,7 +30418,7 @@ CVE-2016-0412 (Unspecified vulnerability in the PeopleSoft Enterprise SCM ...) CVE-2016-0411 (Unspecified vulnerability in the Enterprise Manager Base Platform ...) NOT-FOR-US: Oracle CVE-2016-0410 - RESERVED + REJECTED CVE-2016-0409 (Unspecified vulnerability in the PeopleSoft Enterprise HCM Global ...) NOT-FOR-US: Oracle CVE-2016-0408 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) @@ -30889,7 +30889,7 @@ CVE-2016-0179 (Windows Shell in Microsoft Windows 8.1, Windows Server 2012 R2, . CVE-2016-0178 (The RPC NDR Engine in Microsoft Windows Vista SP2, Windows Server 2008 ...) NOT-FOR-US: Microsoft CVE-2016-0177 - RESERVED + REJECTED CVE-2016-0176 (dxgkrnl.sys in the DirectX Graphics kernel subsystem in the ...) NOT-FOR-US: Microsoft CVE-2016-0175 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...) @@ -30899,7 +30899,7 @@ CVE-2016-0174 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows S CVE-2016-0173 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...) NOT-FOR-US: Microsoft CVE-2016-0172 - RESERVED + REJECTED CVE-2016-0171 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...) NOT-FOR-US: Microsoft CVE-2016-0170 (GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 ...) @@ -30917,7 +30917,7 @@ CVE-2016-0165 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Se CVE-2016-0164 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2016-0163 - RESERVED + REJECTED CVE-2016-0162 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2016-0161 (Microsoft Edge allows remote attackers to bypass the Same Origin ...) @@ -30951,11 +30951,11 @@ CVE-2016-0148 (Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading CVE-2016-0147 (Microsoft XML Core Services 3.0 allows remote attackers to execute ...) NOT-FOR-US: Microsoft XML Core Services CVE-2016-0146 - RESERVED + REJECTED CVE-2016-0145 (The font library in Microsoft Windows Vista SP2; Windows Server 2008 ...) NOT-FOR-US: Microsoft Windows CVE-2016-0144 - RESERVED + REJECTED CVE-2016-0143 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...) NOT-FOR-US: Microsoft Windows CVE-2016-0142 (Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows ...) @@ -30981,7 +30981,7 @@ CVE-2016-0133 (The USB Mass Storage Class driver in Microsoft Windows Vista SP2, CVE-2016-0132 (Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and ...) NOT-FOR-US: Microsoft CVE-2016-0131 - RESERVED + REJECTED CVE-2016-0130 (Microsoft Edge allows remote attackers to execute arbitrary code or ...) NOT-FOR-US: Microsoft CVE-2016-0129 (Microsoft Edge allows remote attackers to execute arbitrary code or ...) @@ -31005,7 +31005,7 @@ CVE-2016-0121 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, Wi CVE-2016-0120 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows ...) NOT-FOR-US: Microsoft CVE-2016-0119 - RESERVED + REJECTED CVE-2016-0118 (The PDF library in Microsoft Windows 10 Gold and 1511 allows remote ...) NOT-FOR-US: Microsoft CVE-2016-0117 (The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and ...) @@ -31013,7 +31013,7 @@ CVE-2016-0117 (The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gol CVE-2016-0116 (Microsoft Edge allows remote attackers to execute arbitrary code or ...) NOT-FOR-US: Microsoft CVE-2016-0115 - RESERVED + REJECTED CVE-2016-0114 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) NOT-FOR-US: Microsoft CVE-2016-0113 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) @@ -31049,7 +31049,7 @@ CVE-2016-0099 (The Secondary Logon Service in Microsoft Windows Vista SP2, Windo CVE-2016-0098 (Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, ...) NOT-FOR-US: Microsoft CVE-2016-0097 - RESERVED + REJECTED CVE-2016-0096 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...) NOT-FOR-US: Microsoft CVE-2016-0095 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...) @@ -31071,31 +31071,31 @@ CVE-2016-0088 (Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2 CVE-2016-0087 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and ...) NOT-FOR-US: Microsoft CVE-2016-0086 - RESERVED + REJECTED CVE-2016-0085 - RESERVED + REJECTED CVE-2016-0084 (Microsoft Edge allows remote attackers to execute arbitrary code or ...) NOT-FOR-US: Microsoft CVE-2016-0083 - RESERVED + REJECTED CVE-2016-0082 - RESERVED + REJECTED CVE-2016-0081 - RESERVED + REJECTED CVE-2016-0080 (Microsoft Edge mishandles exceptions during window-message dispatch ...) NOT-FOR-US: Microsoft CVE-2016-0079 (The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local ...) NOT-FOR-US: Microsoft CVE-2016-0078 - RESERVED + REJECTED CVE-2016-0077 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse ...) NOT-FOR-US: Microsoft CVE-2016-0076 - RESERVED + REJECTED CVE-2016-0075 (The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, ...) NOT-FOR-US: Microsoft CVE-2016-0074 - RESERVED + REJECTED CVE-2016-0073 (The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, ...) NOT-FOR-US: Microsoft CVE-2016-0072 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) @@ -31111,9 +31111,9 @@ CVE-2016-0068 (Microsoft Internet Explorer 9 through 11 allows remote attackers CVE-2016-0067 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2016-0066 - RESERVED + REJECTED CVE-2016-0065 - RESERVED + REJECTED CVE-2016-0064 (Microsoft Internet Explorer 10 allows remote attackers to execute ...) NOT-FOR-US: Microsoft CVE-2016-0063 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) @@ -31153,11 +31153,11 @@ CVE-2016-0047 (WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, CVE-2016-0046 (Windows Reader in Microsoft Windows 8.1, Windows Server 2012 Gold and ...) NOT-FOR-US: Microsoft CVE-2016-0045 - RESERVED + REJECTED CVE-2016-0044 (Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and ...) NOT-FOR-US: Microsoft CVE-2016-0043 - RESERVED + REJECTED CVE-2016-0042 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...) NOT-FOR-US: Microsoft CVE-2016-0041 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...) @@ -31189,7 +31189,7 @@ CVE-2016-0029 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (O CVE-2016-0028 (Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, ...) NOT-FOR-US: Microsoft CVE-2016-0027 - RESERVED + REJECTED CVE-2016-0026 (The Common Log File System (CLFS) driver in Microsoft Windows Vista ...) NOT-FOR-US: Microsoft CVE-2016-0025 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...) @@ -31197,7 +31197,7 @@ CVE-2016-0025 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 201 CVE-2016-0024 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...) NOT-FOR-US: Microsoft CVE-2016-0023 - RESERVED + REJECTED CVE-2016-0022 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...) NOT-FOR-US: Microsoft CVE-2016-0021 (Microsoft InfoPath 2007 SP3, 2010 SP2, and 2013 SP1 allows remote ...) @@ -31209,7 +31209,7 @@ CVE-2016-0019 (The Remote Desktop Protocol (RDP) service implementation in Micro CVE-2016-0018 (Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 ...) NOT-FOR-US: Microsoft CVE-2016-0017 - RESERVED + REJECTED CVE-2016-0016 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...) NOT-FOR-US: Microsoft CVE-2016-0015 (DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...) @@ -31217,7 +31217,7 @@ CVE-2016-0015 (DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP CVE-2016-0014 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...) NOT-FOR-US: Microsoft CVE-2016-0013 - RESERVED + REJECTED CVE-2016-0012 (Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio ...) NOT-FOR-US: Microsoft CVE-2016-0011 (Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 ...) @@ -31235,13 +31235,13 @@ CVE-2016-0006 (The sandbox implementation in Microsoft Windows Vista SP2, Window CVE-2016-0005 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2016-0004 - RESERVED + REJECTED CVE-2016-0003 (Microsoft Edge allows remote attackers to execute arbitrary code via ...) NOT-FOR-US: Microsoft CVE-2016-0002 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 ...) NOT-FOR-US: Microsoft CVE-2016-0001 - RESERVED + REJECTED CVE-2016-1000033 (Shotwell version 0.22.0 (and possibly other versions) is vulnerable to ...) - shotwell 0.22.0-3 (low; bug #807110) [jessie] - shotwell <no-dsa> (Minor issue) diff --git a/data/CVE/2017.list b/data/CVE/2017.list index cb32f710c0..b7f84ceb6d 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -1,3 +1,19 @@ +CVE-2017-8906 (An integer underflow vulnerability exists in pixel-a.asm, the x86 ...) + TODO: check +CVE-2017-8902 + RESERVED +CVE-2017-8901 + RESERVED +CVE-2017-8900 + RESERVED +CVE-2017-8899 (Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has ...) + TODO: check +CVE-2017-8898 (Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has ...) + TODO: check +CVE-2017-8897 (Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has ...) + TODO: check +CVE-2017-8896 + RESERVED CVE-2017-8895 (In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before ...) NOT-FOR-US: Veritas CVE-2017-8894 @@ -94,10 +110,10 @@ CVE-2017-8853 (Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in ... NOT-FOR-US: Fiyo CMS CVE-2017-8852 (SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It ...) NOT-FOR-US: SAP -CVE-2017-8851 - RESERVED -CVE-2017-8850 - RESERVED +CVE-2017-8851 (An issue was discovered on OnePlus One and X devices. Due to a lenient ...) + TODO: check +CVE-2017-8850 (An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to ...) + TODO: check CVE-2017-8849 RESERVED - smb4k <unfixed> @@ -1018,13 +1034,16 @@ CVE-2017-8419 (LAME through 3.99.5 relies on the signed integer data type for va NOTE: https://sourceforge.net/p/lame/bugs/458/ NOTE: Issue addressed in Debian via: https://sources.debian.net/patches/lame/3.99.5%2Brepack1-9/0001-Add-check-for-invalid-input-sample-rate.patch/ NOTE: in the revised version as included in 3.99.5+repack1-7 -CVE-2017-8905 [possible memory corruption via failsafe callback / XSA-215] +CVE-2017-8905 (Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, ...) + {DSA-3847-1} - xen 4.8.0~rc3-1 (bug #861662) NOTE: https://xenbits.xen.org/xsa/advisory-215.html -CVE-2017-8904 [grant transfer allows PV guest to elevate privileges / XSA-214] +CVE-2017-8904 (Xen through 4.8.x mishandles the "contains segment descriptors" ...) + {DSA-3847-1} - xen 4.8.1-1+deb9u1 (bug #861660) NOTE: https://xenbits.xen.org/xsa/advisory-214.html -CVE-2017-8903 [64bit PV guest breakout / XSA-213] +CVE-2017-8903 (Xen through 4.8.x on 64-bit platforms mishandles page tables after an ...) + {DSA-3847-1} - xen 4.8.1-1+deb9u1 (bug #861659) NOTE: https://xenbits.xen.org/xsa/advisory-213.html CVE-2017-8418 (RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing ...) @@ -3494,8 +3513,7 @@ CVE-2017-7473 [Potential information disclosure via no_log directive] NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1440912 NOTE: Possibly https://github.com/ansible/ansible/issues/22505 NOTE: but needs confirmation. -CVE-2017-7472 [keyctl_set_reqkey_keyring() leaks thread keyrings] - RESERVED +CVE-2017-7472 (The KEYS subsystem in the Linux kernel before 4.10.13 allows local ...) {DLA-922-1} - linux 4.9.25-1 [jessie] - linux 3.16.43-1 @@ -7454,8 +7472,8 @@ CVE-2017-5950 (The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml CVE-2017-5949 (JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...) - webkitgtk <unfixed> (unimportant) NOTE: Not covered by security support -CVE-2017-5948 - RESERVED +CVE-2017-5948 (An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. ...) + TODO: check CVE-2017-5947 RESERVED CVE-2017-5946 (The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a ...) @@ -16662,7 +16680,7 @@ CVE-2017-2156 (Untrusted search path vulnerability in Vivaldi installer for Wind NOT-FOR-US: Vivaldi installer Windows CVE-2017-2155 (Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 ...) NOT-FOR-US: Hoozin Viewer -CVE-2017-2154 (Cross-site scripting vulnerability in Booking Calendar version 7.1 and ...) +CVE-2017-2154 (Untrusted search path vulnerability in Hanako 2017, Hanako 2016, ...) NOT-FOR-US: Booking Calendar CVE-2017-2153 (SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to ...) NOT-FOR-US: SEIL |