author    Joey Hess <joeyh@debian.org>  2014-04-30 21:14:10 +0000
committer Joey Hess <joeyh@debian.org>  2014-04-30 21:14:10 +0000
commit    19de4a08aec58f7e1a1a9fd77a1b489a71f6f07d (patch)
tree      236c22b47cebe75133d2f9dd9cbb31e1259a1263 /data/CVE
parent    d0a727b279b13253e154f5d24a17d456ab5d4ce8 (diff)
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@26763 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r--  data/CVE/2001.list  |   2
-rw-r--r--  data/CVE/2009.list  |   2
-rw-r--r--  data/CVE/2010.list  |   3
-rw-r--r--  data/CVE/2011.list  |  11
-rw-r--r--  data/CVE/2012.list  |  20
-rw-r--r--  data/CVE/2013.list  | 115
-rw-r--r--  data/CVE/2014.list  | 600
7 files changed, 481 insertions, 272 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index 4fbb51f28f..19cd2bcfba 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -1,4 +1,4 @@
-CVE-2001-1593 (The tempname_ensure function lib/routines.h in a2ps 4.14 and earlier, ...)
+CVE-2001-1593 (The tempname_ensure function in lib/routines.h in a2ps 4.14 and ...)
{DSA-2892-1}
- a2ps 1:4.14-1.2 (low; bug #737385)
[wheezy] - a2ps <no-dsa> (Minor issue)
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index c0b8f533da..127ab0356f 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -10305,7 +10305,7 @@ CVE-2009-1268 (The Check Point High-Availability Protocol (CPHAP) dissector in .
[etch] - wireshark 0.99.4-5.etch.4
CVE-2009-1267 (Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 ...)
- wireshark <not-affected> (Only affects Wireshark on Windows)
-CVE-2009-1266 (Unspecified vulnerability in Wireshark before 1.0.7-0.1-1 has unknown ...)
+CVE-2009-1266 (Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact ...)
NOTE: Dupe of CVE-2009-1210
CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux ...)
{DSA-1800-1 DSA-1794-1 DSA-1787-1}
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index f23bcf9a1b..8849ce1b48 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -404,8 +404,7 @@ CVE-2010-5107 (The default configuration of OpenSSH through 6.1 enforces a fixed
[squeeze] - openssh 1:5.5p1-6+squeeze3
CVE-2010-5106 (The XML-RPC remote publishing interface in xmlrpc.php in WordPress ...)
- wordpress 3.0.3-1
-CVE-2010-5105 [blender /tmp/quit.blend temp file issue]
- RESERVED
+CVE-2010-5105 (The undo save quit routine in the kernel in Blender 2.5, 2.63a, and ...)
- blender <unfixed> (low; bug #584621)
[squeeze] - blender <no-dsa> (Minor issue)
[wheezy] - blender <no-dsa> (Minor issue)
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index f0e3625095..70d2a076bd 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -1,3 +1,5 @@
+CVE-2011-5279 (CRLF injection vulnerability in the CGI implementation in Microsoft ...)
+ TODO: check
CVE-2011-5278 (SQL injection vulnerability in signature.php in Advanced Forum ...)
NOT-FOR-US: MyBB plugin Advanced Forum Signatures
CVE-2011-5277 (Multiple SQL injection vulnerabilities in signature.php in the ...)
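Review bot: CVE-2011-5279 enters as `TODO: check`, but its description points at the CGI implementation in Microsoft software; the file's convention for such ids is a NOT-FOR-US line naming the product (compare `NOT-FOR-US: Microsoft Office` for CVE-2014-2730 in 2014.list further down), so this TODO can probably be closed out directly rather than left for a later pass.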
@@ -4160,12 +4162,10 @@ CVE-2011-3604 (The process_ra function in the router advertisement daemon (radvd
{DSA-2323-1}
- radvd 1:1.8-1.1 (bug #644614)
NOTE: http://seclists.org/oss-sec/2011/q4/30
-CVE-2011-3603
- RESERVED
+CVE-2011-3603 (The router advertisement daemon (radvd) before 1.8.2 does not properly ...)
NOTE: http://seclists.org/oss-sec/2011/q4/30
NOTE: should be rejected (http://seclists.org/oss-sec/2011/q4/72)
-CVE-2011-3602
- RESERVED
+CVE-2011-3602 (Directory traversal vulnerability in device-linux.c in the router ...)
{DSA-2323-1}
- radvd 1:1.8-1.1 (bug #644614)
NOTE: http://seclists.org/oss-sec/2011/q4/30
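Review bot: CVE-2011-3603 now carries a real description but still has no package-status line, while the NOTE beneath it says the id should be rejected; a described entry without a status line is untriaged as far as the tracker is concerned. Either record the radvd status (the neighbouring CVE-2011-3602 and CVE-2011-3604 both carry `- radvd 1:1.8-1.1 (bug #644614)` under `{DSA-2323-1}`) or, if the rejection went through, mark it REJECTED the way this same update does for CVE-2012-4410.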
@@ -5367,8 +5367,7 @@ CVE-2011-3154 (DistUpgrade/DistUpgradeViewKDE.py in Update Manager before ...)
NOTE: see bug #650307
CVE-2011-3153 (dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows ...)
- lightdm 1.0.6-2
-CVE-2011-3152
- RESERVED
+CVE-2011-3152 (DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before ...)
- update-manager <not-affected> (ubuntu-specific issue)
NOTE: see bug #650307
CVE-2011-3151
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 9210be463a..565dac93a4 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -337,7 +337,7 @@ CVE-2012-6516 (SQL injection vulnerability in PHP Ticket System Beta 1 allows re
NOT-FOR-US: PHP Ticket System Beta
CVE-2012-6515 (eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers ...)
NOT-FOR-US: eFront
-CVE-2012-6514 (Cross-site scripting (XSS) vulnerability in the nBill (com_netinvoice) ...)
+CVE-2012-6514 (Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) ...)
NOT-FOR-US: nBill for Joomla!
CVE-2012-6513 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: gpEasy CMS
@@ -2251,8 +2251,8 @@ CVE-2012-5725
RESERVED
CVE-2012-5724
RESERVED
-CVE-2012-5723
- RESERVED
+CVE-2012-5723 (Cisco ASR 1000 devices with software before 3.8S, when BDI routing is ...)
+ TODO: check
CVE-2012-5722
RESERVED
CVE-2012-5721
@@ -4573,7 +4573,7 @@ CVE-2012-4755 (Untrusted search path vulnerability in SciTools Understand before
CVE-2012-4754 (Multiple untrusted search path vulnerabilities in MindManager 2012 ...)
NOT-FOR-US: MindManager
CVE-2012-4410
- RESERVED
+ REJECTED
NOTE: to be rejected
CVE-2012-4753 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17
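Review bot: the `NOTE: to be rejected` line under CVE-2012-4410 is now stale, since the entry has just been switched from RESERVED to REJECTED; drop it so the note does not read as if the rejection were still pending.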
@@ -5900,8 +5900,7 @@ CVE-2012-4232 (SQL injection vulnerability in admin/index.php in jCore before 1.
NOT-FOR-US: jCore
CVE-2012-4231 (Cross-site scripting (XSS) vulnerability in admin/index.php in jCore ...)
NOT-FOR-US: jCore
-CVE-2012-4230 [XSS attacks via security policy bypass]
- RESERVED
+CVE-2012-4230 (The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the ...)
- tinymce <unfixed>
- python-django-tinymce <unfixed>
TODO: check
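Review bot: CVE-2012-4230 gains its official description, but the entry still pairs two `<unfixed>` package lines with a trailing `TODO: check`; the other `<unfixed>` entries in this update carry a severity and bug reference (e.g. `- blender <unfixed> (low; bug #584621)`), so the TODO should resolve into bug numbers and a severity for tinymce and python-django-tinymce.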
@@ -6744,8 +6743,8 @@ CVE-2012-3948
RESERVED
CVE-2012-3947
RESERVED
-CVE-2012-3946
- RESERVED
+CVE-2012-3946 (Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ...)
+ TODO: check
CVE-2012-3945
RESERVED
CVE-2012-3944
@@ -7983,7 +7982,7 @@ CVE-2012-3417 (The good_client function in rquotad (rquota_svc.c) in Linux DiskQ
CVE-2012-3416 (Condor before 7.8.2 allows remote attackers to bypass host-based ...)
- condor 7.8.2~dfsg.1-1 (bug #685366)
CVE-2012-3415
- RESERVED
+ REJECTED
- plpupload <itp> (bug #668396)
- wordpress 3.3.2
CVE-2012-3414 (Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload ...)
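Review bot: CVE-2012-3415 is switched to REJECTED but keeps its two package-status lines (`- plpupload <itp> (bug #668396)` and `- wordpress 3.3.2`); a rejected id should carry no package status, so these lines should be removed here or moved to whichever id the issue was reassigned to (not visible in this hunk).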
@@ -9075,7 +9074,8 @@ CVE-2012-2953 (The management console in Symantec Web Gateway 5.0.x before 5.0.3
NOT-FOR-US: Symantec Web Gateway
CVE-2012-2952 (SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earlier ...)
NOT-FOR-US: Jaow
-CVE-2012-2951 (SQL injection vulnerability in plog-rss.php in Plogger allows remote ...)
+CVE-2012-2951
+ REJECTED
NOT-FOR-US: Plogger
CVE-2012-2950
RESERVED
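Review bot: same pattern as CVE-2012-3415 above: CVE-2012-2951 is marked REJECTED while `NOT-FOR-US: Plogger` remains underneath it; one or the other should go, since an entry cannot be both rejected and triaged.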
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 7303673f87..a8f68b3840 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -1,3 +1,7 @@
+CVE-2013-7373 (Android before 4.4 does not properly arrange for seeding of the ...)
+ TODO: check
+CVE-2013-7372 (The engineNextBytes function in ...)
+ TODO: check
CVE-2013-XXXX [buffer overflow in miniupnpc]
- miniupnpc <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1085618
@@ -6,6 +10,7 @@ CVE-2013-XXXX [buffer overflow in miniupnpc]
CVE-2013-7369 (SQL injection vulnerability in an unspecified DLL in the FSDBCom ...)
NOT-FOR-US: F-Secure Anti-Virus
CVE-2013-7374
+ RESERVED
NOT-FOR-US: indicator-datetime
CVE-2013-7371 [XSS in the Sencha Labs Connect middleware]
RESERVED
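Review bot: the inserted `RESERVED` under CVE-2013-7374 sits directly above the existing `NOT-FOR-US: indicator-datetime`, so the entry now carries both a reservation marker and a triage decision; the updater should skip inserting RESERVED when the id already has a status line (the same thing happens to CVE-2014-3111 in 2014.list below).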
@@ -227,8 +232,7 @@ CVE-2013-7303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
- spip 3.0.13-1 (bug #736170)
[wheezy] - spip 2.1.17-1+deb7u3
[squeeze] - spip 2.1.1-3squeeze8
-CVE-2013-7302
- RESERVED
+CVE-2013-7302 (Session fixation vulnerability in the Ubercart module 6.x-2.x before ...)
NOT-FOR-US: Drupal contrib
CVE-2013-7301 (Cantata before 1.2.2 does not restrict access to files in the play ...)
- cantata <not-affected> (Vulnerable code introduced with 1.2.0; bug #736154)
@@ -298,12 +302,10 @@ CVE-2013-7285 [remote code execution via deserialization in XStream]
NOTE: http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html
NOTE: http://markmail.org/message/kfqoqdfj5fnup5co?q=list:org.codehaus.xstream.dev&page=3
NOTE: initial patch: https://fisheye.codehaus.org/changelog/xstream?cs=2210
-CVE-2013-7284 [libplrpc-perl remote code execution due to Storable]
- RESERVED
+CVE-2013-7284 (The PlRPC module, possibly 0.2020 and earlier, for Perl uses the ...)
- libplrpc-perl <removed> (high; bug #734789)
NOTE: Upstream appears dead.
-CVE-2013-7273 [no prompt anymore after login cancel using disable_user_list]
- RESERVED
+CVE-2013-7273 (GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list ...)
- gdm3 <unfixed> (low; bug #683338)
[wheezy] - gdm3 <no-dsa> (Minor issue)
[squeeze] - gdm3 <not-affected> (Vulnerable code not present)
@@ -397,8 +399,7 @@ CVE-2013-7238
RESERVED
CVE-2013-7237
RESERVED
-CVE-2013-7259
- RESERVED
+CVE-2013-7259 (Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J ...)
- neo4j-community <itp> (bug #685615)
NOTE: http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html
CVE-2013-7258 (Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before ...)
@@ -593,14 +594,11 @@ CVE-2013-7239 (memcached before 1.4.17 allows remote attackers to bypass ...)
NOTE: https://code.google.com/p/memcached/wiki/ReleaseNotes1417
NOTE: https://code.google.com/p/memcached/issues/detail?id=316
NOTE: https://github.com/memcached/memcached/commit/87c1cf0f20be20608d3becf854e9cf0910f4ad32
-CVE-2013-7236
- RESERVED
+CVE-2013-7236 (Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote ...)
NOT-FOR-US: Simple Machines Forum
-CVE-2013-7235
- RESERVED
+CVE-2013-7235 (Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows ...)
NOT-FOR-US: Simple Machines Forum
-CVE-2013-7234
- RESERVED
+CVE-2013-7234 (Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows ...)
NOT-FOR-US: Simple Machines Forum
CVE-2013-7225 (Multiple SQL injection vulnerabilities in ...)
NOT-FOR-US: Fat Free CRM
@@ -610,14 +608,12 @@ CVE-2013-7223 (Multiple cross-site request forgery (CSRF) vulnerabilities in Fat
NOT-FOR-US: Fat Free CRM
CVE-2013-7222 (config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has ...)
NOT-FOR-US: Fat Free CRM
-CVE-2013-7221 [run command dialog visible above screen locker]
- RESERVED
+CVE-2013-7221 (The automatic screen lock functionality in GNOME Shell (aka ...)
- gnome-shell <unfixed>
[wheezy] - gnome-shell <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=708313
NOTE: https://git.gnome.org/browse/gnome-shell/commit/js/ui/main.js?id=efdf1ff755943fba1f8a9aaeff77daa3ed338088
-CVE-2013-7220 [blind command execution via activities search keyboard focus]
- RESERVED
+CVE-2013-7220 (js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 ...)
- gnome-shell <unfixed>
[wheezy] - gnome-shell <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=686740
@@ -672,8 +668,7 @@ CVE-2013-7135 (The Proc::Daemon module 0.14 for Perl uses world-writable permiss
[wheezy] - libproc-daemon-perl <no-dsa> (Minor issue)
[squeeze] - libproc-daemon-perl <not-affected> (does not have pid_file option)
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=91450
-CVE-2013-7134
- RESERVED
+CVE-2013-7134 (Juvia uses the same secret key for all installations, which allows ...)
NOT-FOR-US: Juvia
CVE-2013-7133
RESERVED
@@ -769,8 +764,7 @@ CVE-2013-7112 (The dissect_sip_common function in epan/dissectors/packet-sip.c i
NOTE: https://www.wireshark.org/security/wnpa-sec-2013-66.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9388
NOTE: Not suitable for code injection
-CVE-2013-7111
- RESERVED
+CVE-2013-7111 (The put_call function in the API client (api/api_client.rb) in the ...)
NOT-FOR-US: Bio Basespace SDK Ruby Gem
CVE-2013-7110
RESERVED
@@ -797,21 +791,17 @@ CVE-2013-7106 (Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9
NOTE: https://dev.icinga.org/issues/5250
CVE-2013-7083
RESERVED
-CVE-2013-7068
- RESERVED
+CVE-2013-7068 (The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal ...)
+ TODO: check
CVE-2013-7067 (The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not ...)
NOT-FOR-US: Drupal module
-CVE-2013-7066
- RESERVED
+CVE-2013-7066 (The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal ...)
NOT-FOR-US: Drupal module
-CVE-2013-7065
- RESERVED
+CVE-2013-7065 (The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal ...)
NOT-FOR-US: Drupal module
-CVE-2013-7064
- RESERVED
+CVE-2013-7064 (Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance ...)
NOT-FOR-US: Drupal module
-CVE-2013-7063
- RESERVED
+CVE-2013-7063 (The Invitation module 7.x-2.x for Drupal does not properly check ...)
NOT-FOR-US: Drupal module
CVE-2013-7059
RESERVED
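Review bot: CVE-2013-7068 is left at `TODO: check` although its description names the same module and version range as CVE-2013-7065 two entries below (`Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal`), which is triaged `NOT-FOR-US: Drupal module`; unless the Debian status differs, give 7068 the same line instead of a TODO.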
@@ -1369,8 +1359,7 @@ CVE-2013-6889 [Allows reading arbitrary files]
CVE-2013-6888 (Uscan in devscripts before 2.13.9 allows remote attackers to execute ...)
{DSA-2836-1}
- devscripts 2.13.9
-CVE-2013-6887
- RESERVED
+CVE-2013-6887 (OpenJPEG 1.5.1 allows remote attackers to cause a denial of service ...)
- openjpeg 1.5.2-1 (bug #731237)
[wheezy] - openjpeg <not-affected> (Only affects 1.5)
[squeeze] - openjpeg <not-affected> (Only affects 1.5)
@@ -1697,8 +1686,8 @@ CVE-2013-6740
RESERVED
CVE-2013-6739
RESERVED
-CVE-2013-6738
- RESERVED
+CVE-2013-6738 (Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics ...)
+ TODO: check
CVE-2013-6737
RESERVED
CVE-2013-6736
@@ -3517,8 +3506,7 @@ CVE-2013-6055
CVE-2013-6054 (Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and ...)
{DSA-2808-1}
- openjpeg 1.3+dfsg-4.7 (bug #731237)
-CVE-2013-6053
- RESERVED
+CVE-2013-6053 (OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information ...)
- openjpeg 1.5.2-1 (bug #731237)
[wheezy] - openjpeg <not-affected> (Only affects 1.5)
[squeeze] - openjpeg <not-affected> (Only affects 1.5)
@@ -3729,12 +3717,11 @@ CVE-2013-5958
RESERVED
CVE-2013-5957 (Multiple SQL injection vulnerabilities in ...)
NOT-FOR-US: CiviCRM
-CVE-2013-5956
- RESERVED
+CVE-2013-5956 (Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php ...)
+ TODO: check
CVE-2013-5955 (Cross-site scripting (XSS) vulnerability in manage.php in the ...)
NOT-FOR-US: Joomla plugin
-CVE-2013-5954
- RESERVED
+CVE-2013-5954 (Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX ...)
NOT-FOR-US: OpenX
CVE-2013-5953 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Joomla component multi calendar
@@ -4462,8 +4449,8 @@ CVE-2013-5661 [DNS response rate limiting can simplify cache poisoning attacks]
NOTE: DNS protocol flaw
NOTE: http://www.certa.ssi.gouv.fr/site/CERTA-2013-AVI-506/index.html
NOTE: https://www.isc.org/blogs/cache-poisoning-gets-a-second-wind-from-rrl-probably-not/
-CVE-2013-5660
- RESERVED
+CVE-2013-5660 (Buffer overflow in Power Software WinArchiver 3.2 allows remote ...)
+ TODO: check
CVE-2013-5659
RESERVED
CVE-2013-5658
@@ -6597,16 +6584,16 @@ CVE-2013-4728
RESERVED
CVE-2013-4727
RESERVED
-CVE-2013-4726
- RESERVED
+CVE-2013-4726 (Cross-site request forgery (CSRF) vulnerability in DDSN Interactive ...)
+ TODO: check
CVE-2013-4725
RESERVED
CVE-2013-4724
RESERVED
-CVE-2013-4723
- RESERVED
-CVE-2013-4722
- RESERVED
+CVE-2013-4723 (Open redirect vulnerability in DDSN Interactive cm3 Acora CMS ...)
+ TODO: check
+CVE-2013-4722 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2013-4721 (SQL injection vulnerability in the RSS feed from records extension ...)
NOT-FOR-US: records extension for TYPO3
CVE-2013-4720 (SQL injection vulnerability in the WEC Discussion Forum extension ...)
@@ -6986,8 +6973,7 @@ CVE-2013-4567 (Incomplete blacklist vulnerability in Sanitizer::checkCss in Medi
CVE-2013-4566 (mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the ...)
- libapache2-mod-nss 1.0.8-4 (low; bug #731627)
[wheezy] - libapache2-mod-nss <no-dsa> (Minor issue)
-CVE-2013-4565 [heap-based buffer overflow]
- RESERVED
+CVE-2013-4565 (Heap-based buffer overflow in the __OLEdecode function in ppthtml ...)
- xlhtml <removed> (bug #729279)
CVE-2013-4564 (Libreswan 3.6 allows remote attackers to cause a denial of service ...)
NOT-FOR-US: libreswan
@@ -7880,10 +7866,9 @@ CVE-2013-4338 (wp-includes/functions.php in WordPress before 3.6.1 does not prop
- wordpress 3.6.1+dfsg-1 (bug #722537)
NOTE: http://core.trac.wordpress.org/changeset/25325
CVE-2013-4337
- RESERVED
+ REJECTED
NOT-FOR-US: Drupal module
-CVE-2013-4336
- RESERVED
+CVE-2013-4336 (Cross-site scripting (XSS) vulnerability in the admin page in the Flag ...)
NOT-FOR-US: Drupal module
CVE-2013-4335
RESERVED
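Review bot: CVE-2013-4337 is changed to REJECTED but retains `NOT-FOR-US: Drupal module`; as with the rejected 2012 ids in this update, the triage line should be dropped once the id is rejected.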
@@ -8053,8 +8038,8 @@ CVE-2013-4286 (Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before ..
- tomcat6 6.0.39
- tomcat7 7.0.47
- tomcat8 8.0.0
-CVE-2013-4285
- RESERVED
+CVE-2013-4285 (A certain Gentoo patch for the PAM S/Key module does not properly ...)
+ TODO: check
CVE-2013-4284 (Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers ...)
NOT-FOR-US: Cumin
CVE-2013-4283 (ns-slapd in 389 Directory Server before 1.3.0.8 allows remote ...)
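Review bot: CVE-2013-4285 describes "A certain Gentoo patch for the PAM S/Key module", i.e. a distribution-specific patch, so the `TODO: check` can most likely be resolved by confirming whether Debian's package carries that patch and recording `<not-affected>` with a reason, as this update does for the Ubuntu-specific CVE-2011-3152.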
@@ -8528,7 +8513,7 @@ CVE-2013-4147 (Multiple format string vulnerabilities in Yet Another Radius Daem
CVE-2013-4146
RESERVED
CVE-2013-4145
- RESERVED
+ REJECTED
CVE-2013-4144
RESERVED
CVE-2013-4143
@@ -10988,8 +10973,8 @@ CVE-2013-3071
RESERVED
CVE-2013-3070
RESERVED
-CVE-2013-3069
- RESERVED
+CVE-2013-3069 (Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR ...)
+ TODO: check
CVE-2013-3068
RESERVED
CVE-2013-3067
@@ -13854,8 +13839,7 @@ CVE-2013-2027
RESERVED
CVE-2013-2026
REJECTED
-CVE-2013-2025
- RESERVED
+CVE-2013-2025 (Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x ...)
NOT-FOR-US: Ushahidi
CVE-2013-2024 [OS command injection vulnerability in Chicken Scheme]
RESERVED
@@ -14621,8 +14605,8 @@ CVE-2013-1806
RESERVED
CVE-2013-1805
RESERVED
-CVE-2013-1804
- RESERVED
+CVE-2013-1804 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion ...)
+ TODO: check
CVE-2013-1803
RESERVED
CVE-2013-1802 (The extlib gem 0.9.15 and earlier for Ruby does not properly restrict ...)
@@ -18750,8 +18734,7 @@ CVE-2013-0298 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4
CVE-2013-0297 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
- owncloud 4.0.8debian-1.5 (bug #701115)
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-003/
-CVE-2013-0296 [creates temp files with too wide permissions]
- RESERVED
+CVE-2013-0296 (Race condition in pigz before 2.2.5 uses permissions derived from the ...)
- pigz 2.2.4-2 (low; bug #700608)
[squeeze] - pigz 2.1.6-1+squeeze1
CVE-2013-0295 [CreateID() creates serialized packet IDs for RADIUS]
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 76b55624c7..fa90994c04 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -1,3 +1,285 @@
+CVE-2014-3128
+ RESERVED
+CVE-2014-3127
+ RESERVED
+CVE-2014-3126
+ RESERVED
+CVE-2014-3125
+ RESERVED
+CVE-2014-3124
+ RESERVED
+CVE-2014-3123
+ RESERVED
+CVE-2014-3122
+ RESERVED
+CVE-2014-3121
+ RESERVED
+CVE-2014-3120
+ RESERVED
+CVE-2014-3119
+ RESERVED
+CVE-2014-3118
+ RESERVED
+CVE-2014-3117
+ RESERVED
+CVE-2014-3116
+ RESERVED
+CVE-2014-3115
+ RESERVED
+CVE-2014-3114
+ RESERVED
+CVE-2014-3113
+ RESERVED
+CVE-2014-3112
+ RESERVED
+CVE-2014-3110
+ RESERVED
+CVE-2014-3109
+ RESERVED
+CVE-2014-3108
+ RESERVED
+CVE-2014-3107
+ RESERVED
+CVE-2014-3106
+ RESERVED
+CVE-2014-3105
+ RESERVED
+CVE-2014-3104
+ RESERVED
+CVE-2014-3103
+ RESERVED
+CVE-2014-3102
+ RESERVED
+CVE-2014-3101
+ RESERVED
+CVE-2014-3100
+ RESERVED
+CVE-2014-3099
+ RESERVED
+CVE-2014-3098
+ RESERVED
+CVE-2014-3097
+ RESERVED
+CVE-2014-3096
+ RESERVED
+CVE-2014-3095
+ RESERVED
+CVE-2014-3094
+ RESERVED
+CVE-2014-3093
+ RESERVED
+CVE-2014-3092
+ RESERVED
+CVE-2014-3091
+ RESERVED
+CVE-2014-3090
+ RESERVED
+CVE-2014-3089
+ RESERVED
+CVE-2014-3088
+ RESERVED
+CVE-2014-3087
+ RESERVED
+CVE-2014-3086
+ RESERVED
+CVE-2014-3085
+ RESERVED
+CVE-2014-3084
+ RESERVED
+CVE-2014-3083
+ RESERVED
+CVE-2014-3082
+ RESERVED
+CVE-2014-3081
+ RESERVED
+CVE-2014-3080
+ RESERVED
+CVE-2014-3079
+ RESERVED
+CVE-2014-3078
+ RESERVED
+CVE-2014-3077
+ RESERVED
+CVE-2014-3076
+ RESERVED
+CVE-2014-3075
+ RESERVED
+CVE-2014-3074
+ RESERVED
+CVE-2014-3073
+ RESERVED
+CVE-2014-3072
+ RESERVED
+CVE-2014-3071
+ RESERVED
+CVE-2014-3070
+ RESERVED
+CVE-2014-3069
+ RESERVED
+CVE-2014-3068
+ RESERVED
+CVE-2014-3067
+ RESERVED
+CVE-2014-3066
+ RESERVED
+CVE-2014-3065
+ RESERVED
+CVE-2014-3064
+ RESERVED
+CVE-2014-3063
+ RESERVED
+CVE-2014-3062
+ RESERVED
+CVE-2014-3061
+ RESERVED
+CVE-2014-3060
+ RESERVED
+CVE-2014-3059
+ RESERVED
+CVE-2014-3058
+ RESERVED
+CVE-2014-3057
+ RESERVED
+CVE-2014-3056
+ RESERVED
+CVE-2014-3055
+ RESERVED
+CVE-2014-3054
+ RESERVED
+CVE-2014-3053
+ RESERVED
+CVE-2014-3052
+ RESERVED
+CVE-2014-3051
+ RESERVED
+CVE-2014-3050
+ RESERVED
+CVE-2014-3049
+ RESERVED
+CVE-2014-3048
+ RESERVED
+CVE-2014-3047
+ RESERVED
+CVE-2014-3046
+ RESERVED
+CVE-2014-3045
+ RESERVED
+CVE-2014-3044
+ RESERVED
+CVE-2014-3043
+ RESERVED
+CVE-2014-3042
+ RESERVED
+CVE-2014-3041
+ RESERVED
+CVE-2014-3040
+ RESERVED
+CVE-2014-3039
+ RESERVED
+CVE-2014-3038
+ RESERVED
+CVE-2014-3037
+ RESERVED
+CVE-2014-3036
+ RESERVED
+CVE-2014-3035
+ RESERVED
+CVE-2014-3034
+ RESERVED
+CVE-2014-3033
+ RESERVED
+CVE-2014-3032
+ RESERVED
+CVE-2014-3031
+ RESERVED
+CVE-2014-3030
+ RESERVED
+CVE-2014-3029
+ RESERVED
+CVE-2014-3028
+ RESERVED
+CVE-2014-3027
+ RESERVED
+CVE-2014-3026
+ RESERVED
+CVE-2014-3025
+ RESERVED
+CVE-2014-3024
+ RESERVED
+CVE-2014-3023
+ RESERVED
+CVE-2014-3022
+ RESERVED
+CVE-2014-3021
+ RESERVED
+CVE-2014-3020
+ RESERVED
+CVE-2014-3019
+ RESERVED
+CVE-2014-3018
+ RESERVED
+CVE-2014-3017
+ RESERVED
+CVE-2014-3016
+ RESERVED
+CVE-2014-3015
+ RESERVED
+CVE-2014-3014
+ RESERVED
+CVE-2014-3013
+ RESERVED
+CVE-2014-3012
+ RESERVED
+CVE-2014-3011
+ RESERVED
+CVE-2014-3010
+ RESERVED
+CVE-2014-3009
+ RESERVED
+CVE-2014-3008 (Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to ...)
+ TODO: check
+CVE-2014-3007 (Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might ...)
+ TODO: check
+CVE-2014-3006
+ RESERVED
+CVE-2014-3005
+ RESERVED
+CVE-2014-3004
+ RESERVED
+CVE-2014-3003
+ RESERVED
+CVE-2014-3002
+ RESERVED
+CVE-2014-3001
+ RESERVED
+CVE-2014-3000
+ RESERVED
+CVE-2014-2999
+ RESERVED
+CVE-2014-2998
+ RESERVED
+CVE-2014-2997
+ RESERVED
+CVE-2014-2996 (XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem ...)
+ TODO: check
+CVE-2014-2995
+ RESERVED
+CVE-2014-2994 (Stack-based buffer overflow in Acunetix Web Vulnerability Scanner ...)
+ TODO: check
+CVE-2014-2993 (The Birebin.com application for Android does not verify X.509 ...)
+ TODO: check
+CVE-2014-2992 (The Misli.com application for Android does not verify X.509 ...)
+ TODO: check
+CVE-2014-2991
+ RESERVED
+CVE-2014-2990
+ RESERVED
+CVE-2014-2989
+ RESERVED
+CVE-2014-2988
+ RESERVED
+CVE-2014-2987
+ RESERVED
CVE-2014-XXXX [mm: try_to_unmap_cluster() should lock_page() before mlocking]
- linux <unfixed>
- linux-2.6 <removed>
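Review bot: the new RESERVED run from CVE-2014-3128 down to CVE-2014-2987 skips CVE-2014-3111 (3112 is followed by 3110), which is correct because that id already exists further down the file, but the `TODO: check` items buried among the placeholders are easy to lose: CVE-2014-3008, 3007, 2996, 2994, 2993 and 2992. Of these, CVE-2014-3007 (Python Image Library / Pillow) is the one that plausibly maps onto a Debian package and deserves a package-status line rather than staying a TODO; the others describe commercial products or Android applications.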
@@ -16,11 +298,12 @@ CVE-2014-XXXX [incomplete fix for CVE-2014-2707]
NOTE: incomplete fix was applied
NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194
CVE-2014-3111
+ RESERVED
NOT-FOR-US: fog cloning solution, not in Debian
CVE-2014-2985
RESERVED
CVE-2014-2984
- RESERVED
+ REJECTED
CVE-2014-2982
RESERVED
CVE-2014-2981
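Review bot: CVE-2014-3111 receives a RESERVED line above its existing `NOT-FOR-US: fog cloning solution, not in Debian`, leaving it both reserved and triaged; drop the new RESERVED (or have the updater skip ids that already carry a status line). Switching CVE-2014-2984 to REJECTED in the same hunk is fine, as it had no status beneath it.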
@@ -31,8 +314,8 @@ CVE-2014-2978
RESERVED
CVE-2014-2977
RESERVED
-CVE-2014-2976
- RESERVED
+CVE-2014-2976 (Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 ...)
+ TODO: check
CVE-2014-2975
RESERVED
CVE-2014-2974
@@ -165,10 +448,10 @@ CVE-2014-2911
RESERVED
CVE-2014-2910
RESERVED
-CVE-2014-2909
- RESERVED
-CVE-2014-2908
- RESERVED
+CVE-2014-2909 (CRLF injection vulnerability in the integrated web server on Siemens ...)
+ TODO: check
+CVE-2014-2908 (Cross-site scripting (XSS) vulnerability in the integrated web server ...)
+ TODO: check
CVE-2014-2906 [unsafe temporary file creationg leading to privilege escalation]
RESERVED
- fish <unfixed> (low; bug #746259)
@@ -207,23 +490,20 @@ CVE-2014-XXXX [Insecure default permissions for ~/.virtualenvs and scripts]
- virtualenvwrapper <unfixed> (low; bug #745580)
[wheezy] - virtualenvwrapper <no-dsa> (Minor issue)
[squeeze] - virtualenvwrapper <no-dsa> (Minor issue)
-CVE-2014-2907
- RESERVED
+CVE-2014-2907 (The srtp_add_address function in epan/dissectors/packet-rtp.c in the ...)
- wireshark 1.10.7-1 (bug #745595)
[wheezy] - wireshark <not-affected> (Affects 1.10.x only)
[squeeze] - wireshark <not-affected> (Affects 1.10.x only)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9885
NOTE: http://www.wireshark.org/security/wnpa-sec-2014-06.html
-CVE-2014-2986 [XSA-94 ARM hypervisor crash on guest interrupt controller access]
+CVE-2014-2986 (The vgic_distr_mmio_write function in the virtual guest interrupt ...)
- xen <not-affected> (Only 32-bit and 64-bit ARM systems are vulnerable from Xen 4.4 onwards)
-CVE-2014-2980 [DoS]
- RESERVED
+CVE-2014-2980 (Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run ...)
- gnustep-base <unfixed> (bug #745470)
[wheezy] - gnustep-base <no-dsa> (Minor issue)
[squeeze] - gnustep-base <no-dsa> (Minor issue)
NOTE: https://savannah.gnu.org/bugs/?41751
-CVE-2014-2915 [XSA-93]
- RESERVED
+CVE-2014-2915 (Xen 4.4.x, when running on ARM systems, does not properly restrict ...)
- xen <not-affected> (Only 32-bit and 64-bit ARM systems are vulnerable from Xen 4.4 onwards)
CVE-2014-2913 [Remote command execution]
RESERVED
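Review bot: replacing the bracketed local descriptions drops the XSA cross-references: CVE-2014-2986 was `[XSA-94 ARM hypervisor crash on guest interrupt controller access]` and CVE-2014-2915 was `[XSA-93]`, and neither official text shown here names the advisory. Keep the advisory id on a `NOTE:` line under each entry so the Xen-side identifier stays searchable; the `[DoS]` tag on CVE-2014-2980 is lost the same way, though there the official text is more informative than what was dropped.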
@@ -231,8 +511,7 @@ CVE-2014-2913 [Remote command execution]
[wheezy] - nagios-nrpe <no-dsa> (Minor issue)
[squeeze] - nagios-nrpe <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2014/Apr/240
-CVE-2014-2983 [information disclosure]
- RESERVED
+CVE-2014-2983 (Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate ...)
{DSA-2914-1 DSA-2913-1}
- drupal7 7.27-1
- drupal6 <removed>
@@ -264,8 +543,7 @@ CVE-2014-2896
- cyassl <itp> (bug #598391)
CVE-2014-2890 (Cross-site scripting (XSS) vulnerability in the wrap_html function in ...)
- phpmyid <itp> (bug #492325)
-CVE-2014-2888
- RESERVED
+CVE-2014-2888 (lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows ...)
NOT-FOR-US: Ruby Gem sfpagent
CVE-2014-2885
RESERVED
@@ -314,15 +592,13 @@ CVE-2014-2892 (Heap-based buffer overflow in the get_answer function in mmsh.c i
- libmms 0.6.2-4 (bug #745301)
- xine-lib <not-affected> (mmsh is libmms-specific)
NOTE: http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
-CVE-2014-2893 [scan-build: insecure use of /tmp]
- RESERVED
+CVE-2014-2893 (The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and ...)
- llvm-toolchain-snapshot <unfixed> (bug #744817)
- llvm-toolchain-3.3 <unfixed>
- llvm-toolchain-3.4 <unfixed>
CVE-2014-2854
RESERVED
-CVE-2014-2853 [mediawiki (bug 63251) SECURITY: escape sortKey in pageInfo.]
- RESERVED
+CVE-2014-2853 (Cross-site scripting (XSS) vulnerability in ...)
- mediawiki <not-affected> (Vulnerable code not present)
CVE-2014-2852 (OpenAFS before 1.6.7 delays the listen thread when an ...)
{DSA-2899-1}
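Review bot: CVE-2014-2853 loses its local description `[mediawiki (bug 63251) SECURITY: escape sortKey in pageInfo.]` in favour of an official text that is truncated before it says anything (`Cross-site scripting (XSS) vulnerability in ...`), so the upstream bug number and the affected function are no longer recorded; put `bug 63251` and the sortKey/pageInfo reference on a `NOTE:` line. CVE-2014-2893 likewise drops the `scan-build: insecure use of /tmp` summary, although the new text does name GetHTMLRunDir and scan-build, so less is lost there.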
@@ -335,8 +611,7 @@ CVE-2014-2848 (A race condition in the wmi_malware_scan.nbin plugin before ...)
NOT-FOR-US: Nessus
CVE-2014-2847 (SQL injection vulnerability in default.asp in CIS Manager CMS allows ...)
NOT-FOR-US: CIS Manager CMS
-CVE-2014-2846
- RESERVED
+CVE-2014-2846 (Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php ...)
NOT-FOR-US: Arkeia Server Backup
CVE-2014-2845
RESERVED
@@ -538,13 +813,11 @@ CVE-2014-2738
RESERVED
CVE-2014-2737 (SQL injection vulnerability in the get_active_session function in the ...)
NOT-FOR-US: KnowledgeTree
-CVE-2014-2736
- RESERVED
+CVE-2014-2736 (Multiple SQL injection vulnerabilities in MODX Revolution before ...)
NOT-FOR-US: MODX Revolution
CVE-2014-2735 (WinSCP before 5.5.3, when FTP with TLS is used, does not verify that ...)
NOT-FOR-US: WinSCP
-CVE-2014-2734
- RESERVED
+CVE-2014-2734 (The openssl extension in Ruby 2.x does not properly maintain the state ...)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1091156#c1
NOTE: https://gist.github.com/gdisneyleugers/10446549
CVE-2014-2733 (Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a ...)
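Review bot: CVE-2014-2734 gains a description and two NOTE URLs but no package-status line, unlike its neighbours (CVE-2014-2736 and CVE-2014-2735 both carry a NOT-FOR-US line); since it concerns the openssl extension in Ruby 2.x, it needs an explicit status for the ruby packages (a fixed version, `<unfixed>`, or `<not-affected>` with a reason) before it can count as triaged.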
@@ -553,22 +826,19 @@ CVE-2014-2732 (Multiple directory traversal vulnerabilities in the integrated we
NOT-FOR-US: Siemens SINEMA
CVE-2014-2731 (Multiple unspecified vulnerabilities in the integrated web server in ...)
NOT-FOR-US: Siemens SINEMA
-CVE-2014-2889 [arch: x86: net: bpf_jit: an off-by-one bug in x86_64 cond jump target]
- RESERVED
+CVE-2014-2889 (Off-by-one error in the bpf_jit_compile function in ...)
- linux 3.2.1-1
- linux-2.6 3.2.1-1
[squeeze] - linux-2.6 <not-affected> (Introduced in 3.0)
NOTE: introduced by https://git.kernel.org/linus/0a14842f5a3c0e88a1e59fac5c3025db39721f74
NOTE: Upstrem fix in https://git.kernel.org/linus/a03ffcf873fe0f2565386ca8ef832144c42e67fa
-CVE-2014-2894 [qemu: out of bounds buffer access, guest triggerable via IDE SMART]
- RESERVED
+CVE-2014-2894 (Off-by-one error in the cmd_smart function in the smart self test in ...)
- qemu 2.0.0+dfsg-1 (bug #745157)
[squeeze] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: Upstream fix https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html
-CVE-2014-2855 [Daemon infinite loop when no matched user in secrets]
- RESERVED
+CVE-2014-2855 (The check_secret function in authenticate.c in rsync 3.1.0 and earlier ...)
- rsync 3.1.0-3 (bug #744791)
[wheezy] - rsync <not-affected> (Introduced in 3.1.0)
[squeeze] - rsync <not-affected> (Introduced in 3.1.0)
@@ -614,15 +884,14 @@ CVE-2014-2743 (plugins/mod_compression.lua in Lightwitch Metronome through 3.4 d
NOT-FOR-US: Openfire
CVE-2014-2742 (Isode M-Link before 16.0v7 does not properly restrict the processing ...)
NOT-FOR-US: Openfire
-CVE-2014-2741 (Ignite Realtime Openfire before 3.9.2 does not properly restrict the ...)
+CVE-2014-2741 (nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 ...)
NOT-FOR-US: Openfire
CVE-2014-2730 (The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and ...)
NOT-FOR-US: Microsoft Office
CVE-2014-2739 (The cma_req_handler function in drivers/infiniband/core/cma.c in the ...)
- linux <not-affected> (Introduced and fixed in 3.14)
- linux-2.6 <not-affected> ((Introduced and fixed in 3.14)
-CVE-2014-2729
- RESERVED
+CVE-2014-2729 (Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS ...)
NOT-FOR-US: Ektron Web Content Management System
CVE-2014-2728
RESERVED
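Review bot: the context lines show CVE-2014-2743 (Lightwitch Metronome) and CVE-2014-2742 (Isode M-Link) both triaged `NOT-FOR-US: Openfire`, which names the wrong product for those two ids; the tag looks copied from the CVE-2014-2741 entry this hunk edits and should name Metronome and M-Link respectively. Also pre-existing but worth fixing while here: the doubled parenthesis in `- linux-2.6 <not-affected> ((Introduced and fixed in 3.14)`.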
@@ -655,8 +924,8 @@ CVE-2014-2717
RESERVED
CVE-2014-2716
RESERVED
-CVE-2014-2715
- RESERVED
+CVE-2014-2715 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2014-2714 (The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 ...)
NOT-FOR-US: Juniper Junos
CVE-2014-2713 (Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, ...)
@@ -707,13 +976,12 @@ CVE-2014-2687
RESERVED
CVE-2014-5880
REJECTED
-CVE-2014-2709
- RESERVED
+CVE-2014-2709 (lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote ...)
- cacti 0.8.8b+dfsg-4 (bug #743565)
NOTE: http://bugs.cacti.net/view.php?id=2405 (not yet public)
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7439
NOTE: CVE for all changes to lib/rrd.php to add cacti_escapeshellarg calls
-CVE-2014-2708 (SQL injection vulnerability in graph_xport.php in Cacti 0.8.8b allows ...)
+CVE-2014-2708 (Multiple SQL injection vulnerabilities in graph_xport.php in Cacti ...)
- cacti 0.8.8b+dfsg-4 (bug #743565)
NOTE: http://bugs.cacti.net/view.php?id=2405 (not yet public)
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7439
@@ -760,10 +1028,10 @@ CVE-2014-2660
RESERVED
CVE-2014-2659 (Cross-site request forgery (CSRF) vulnerability in the admin UI in ...)
TODO: check
-CVE-2014-2658
- RESERVED
-CVE-2014-2657
- RESERVED
+CVE-2014-2658 (Unspecified vulnerability in Papercut MF and NG before 14.1 (Build ...)
+ TODO: check
+CVE-2014-2657 (Unspecified vulnerability in the print release functionality in ...)
+ TODO: check
CVE-2014-2654 (Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and ...)
TODO: check
CVE-2014-2685 [zendframework ZF2014-02]
@@ -942,8 +1210,7 @@ CVE-2014-2603
RESERVED
CVE-2014-2602
RESERVED
-CVE-2014-2601
- RESERVED
+CVE-2014-2601 (The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier ...)
NOT-FOR-US: HP
CVE-2014-2600 (Unspecified vulnerability in HP IceWall Identity Manager 4.0 through ...)
NOT-FOR-US: HP
@@ -982,8 +1249,7 @@ CVE-2014-2583 (Multiple directory traversal vulnerabilities in pam_timestamp.c i
NOTE: Fix: https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8
CVE-2014-2582
RESERVED
-CVE-2014-2579
- RESERVED
+CVE-2014-2579 (Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner ...)
NOT-FOR-US: WordPress plugin xcloner
CVE-2014-2578 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk ...)
NOT-FOR-US: Splunk Web
@@ -1021,8 +1287,7 @@ CVE-2014-2556
RESERVED
CVE-2014-2555
RESERVED
-CVE-2014-2554 [Clickjacking issue]
- RESERVED
+CVE-2014-2554 (OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 ...)
- otrs2 3.3.6-1
[wheezy] - otrs2 <no-dsa> (Minor issue)
[squeeze] - otrs2 <no-dsa> (Minor issue)
@@ -1045,8 +1310,8 @@ CVE-2014-2547
RESERVED
CVE-2014-2546
RESERVED
-CVE-2014-2545
- RESERVED
+CVE-2014-2545 (TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File ...)
+ TODO: check
CVE-2014-2544 (Unspecified vulnerability in Spotfire Web Player Engine, Spotfire ...)
NOT-FOR-US: Spotfire
CVE-2014-2543 (Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing ...)
@@ -1485,8 +1750,7 @@ CVE-2014-2385
RESERVED
CVE-2014-2384 (vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player ...)
NOT-FOR-US: VMware on Windows
-CVE-2014-2383 [dompdf: arbitrary file read]
- RESERVED
+CVE-2014-2383 (dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, ...)
- php-dompdf 0.6.1+dfsg-2 (unimportant; bug #745619)
NOTE: requires DOMPDF_ENABLE_REMOTE (disabled by default) to be enabled
CVE-2014-2382
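Review bot: the new CVE-2014-2383 description says the issue applies "when DOMPDF_ENABLE_PHP is enabled", but the NOTE kept beneath it says the issue "requires DOMPDF_ENABLE_REMOTE (disabled by default) to be enabled"; these are different options, and the "unimportant" severity on the php-dompdf line rests on which one actually gates the file read, so the NOTE should be reconciled with the description before the rating stands.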
@@ -1606,15 +1870,13 @@ CVE-2014-2329
RESERVED
- check-mk <unfixed> (bug #742689)
NOTE: http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
-CVE-2014-2328 [Unspecified Remote Command Execution Vulnerability]
- RESERVED
+CVE-2014-2328 (lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows ...)
- cacti 0.8.8b+dfsg-4 (bug #742768)
NOTE: http://bugs.cacti.net/view.php?id=2433
-CVE-2014-2327 [Cross Site Request Forgery Vulnerability]
- RESERVED
+CVE-2014-2327 (Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, ...)
- cacti <unfixed> (bug #742768)
NOTE: http://bugs.cacti.net/view.php?id=2432
-CVE-2014-2326 (Cross-site scripting (XSS) vulnerability in Cacti 0.8.7g allows remote ...)
+CVE-2014-2326 (Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, ...)
- cacti 0.8.8b+dfsg-4 (bug #742768)
NOTE: http://bugs.cacti.net/view.php?id=2431
CVE-2014-2318 (SQL injection vulnerability in ATCOM Netvolution 3 allows remote ...)
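Review bot: CVE-2014-2328 and CVE-2014-2326 are both marked fixed in "cacti 0.8.8b+dfsg-4 (bug #742768)" while CVE-2014-2327, filed under the same Debian bug #742768, stays "cacti <unfixed>"; if the CSRF fix from bugs.cacti.net id 2432 is not in 0.8.8b+dfsg-4 that is fine, but a NOTE saying so would avoid the apparent inconsistency between three entries sharing one bug number.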
@@ -1909,20 +2171,20 @@ CVE-2014-2188
RESERVED
CVE-2014-2187
RESERVED
-CVE-2014-2186
- RESERVED
-CVE-2014-2185
- RESERVED
-CVE-2014-2184
- RESERVED
-CVE-2014-2183
- RESERVED
-CVE-2014-2182
- RESERVED
+CVE-2014-2186 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
+ TODO: check
+CVE-2014-2185 (The Call Detail Records (CDR) Management component in Cisco Unified ...)
+ TODO: check
+CVE-2014-2184 (The IP Manager Assistant (IPMA) component in Cisco Unified ...)
+ TODO: check
+CVE-2014-2183 (The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 ...)
+ TODO: check
+CVE-2014-2182 (Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay ...)
+ TODO: check
CVE-2014-2181
RESERVED
-CVE-2014-2180
- RESERVED
+CVE-2014-2180 (The Document Management component in Cisco Unified Contact Center ...)
+ TODO: check
CVE-2014-2179
RESERVED
CVE-2014-2178
@@ -2106,8 +2368,7 @@ CVE-2014-2088 (Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.
NOT-FOR-US: ILIAS
CVE-2014-2087 (Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload ...)
NOT-FOR-US: Free Download Manager
-CVE-2014-2285 [snmptrapd crash when using a trap with empty community string]
- RESERVED
+CVE-2014-2285 (The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs ...)
- net-snmp 5.7.2.1~dfsg-3 (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1072044
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1072778
@@ -2331,8 +2592,7 @@ CVE-2014-2044 [owncloud: autenticated remote code execution]
- owncloud <not-affected> (Windows-specific)
CVE-2014-2043 (SQL injection vulnerability in Resources/System/Templates/Data.aspx in ...)
NOT-FOR-US: Procentia IntelliPen
-CVE-2014-2042
- RESERVED
+CVE-2014-2042 (Unrestricted file upload vulnerability in the Manage Project ...)
NOT-FOR-US: Livetecs Timelive
CVE-2014-2041
RESERVED
@@ -2815,14 +3075,11 @@ CVE-2014-1847
RESERVED
CVE-2014-1844
RESERVED
-CVE-2014-1843
- RESERVED
+CVE-2014-1843 (Directory traversal vulnerability in the web interface in Titan FTP ...)
NOT-FOR-US: Titan FTP Server
-CVE-2014-1842
- RESERVED
+CVE-2014-1842 (Directory traversal vulnerability in the web interface in Titan FTP ...)
NOT-FOR-US: Titan FTP Server
-CVE-2014-1841
- RESERVED
+CVE-2014-1841 (Directory traversal vulnerability in the web interface in Titan FTP ...)
NOT-FOR-US: Titan FTP Server
CVE-2014-1840 (Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB ...)
NOT-FOR-US: MyBB
@@ -3020,8 +3277,8 @@ CVE-2014-1778
RESERVED
CVE-2014-1777
RESERVED
-CVE-2014-1776
- RESERVED
+CVE-2014-1776 (Use-after-free vulnerability in VGX.DLL in Microsoft Internet Explorer ...)
+ TODO: check
CVE-2014-1775
RESERVED
CVE-2014-1774
@@ -3040,16 +3297,16 @@ CVE-2014-1768
RESERVED
CVE-2014-1767
RESERVED
-CVE-2014-1766
- RESERVED
-CVE-2014-1765
- RESERVED
-CVE-2014-1764
- RESERVED
-CVE-2014-1763
- RESERVED
-CVE-2014-1762
- RESERVED
+CVE-2014-1766 (Unspecified vulnerability in the kernel in Microsoft Windows 8.1 ...)
+ TODO: check
+CVE-2014-1765 (Multiple use-after-free vulnerabilities in Microsoft Internet Explorer ...)
+ TODO: check
+CVE-2014-1764 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-1763 (Use-after-free vulnerability in Microsoft Internet Explorer 11 allows ...)
+ TODO: check
+CVE-2014-1762 (Unspecified vulnerability in Microsoft Internet Explorer 11 allows ...)
+ TODO: check
CVE-2014-1761 (Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 ...)
NOT-FOR-US: Microsoft Word
CVE-2014-1760 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
@@ -3104,32 +3361,26 @@ CVE-2014-1736
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- libv8-3.14 <unfixed>
-CVE-2014-1735
- RESERVED
+CVE-2014-1735 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, ...)
- chromium-browser <unfixed>
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- libv8-3.14 <unfixed>
-CVE-2014-1734
- RESERVED
+CVE-2014-1734 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser <unfixed>
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-1733
- RESERVED
+CVE-2014-1733 (The PointerCompare function in codegen.cc in Seccomp-BPF, as used in ...)
- chromium-browser <unfixed>
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-1732
- RESERVED
+CVE-2014-1732 (Use-after-free vulnerability in ...)
- chromium-browser <unfixed>
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-1731
- RESERVED
+CVE-2014-1731 (core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as ...)
- chromium-browser <unfixed>
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- libv8-3.14 <unfixed>
-CVE-2014-1730
- RESERVED
+CVE-2014-1730 (Google V8, as used in Google Chrome before 34.0.1847.131 on Windows ...)
- chromium-browser <unfixed>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-1729 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, ...)
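Review bot: the "- libv8 <removed>" and "- libv8-3.14 <unfixed>" lines appear under CVE-2014-1731, whose new description is a Blink DOM issue (core/html/HTMLSelectElement.cpp), while CVE-2014-1730, described as a Google V8 issue, lists only chromium-browser; the libv8 package lines look as if they belong to the V8 entry rather than the Blink one, so the two entries' package lists should be rechecked.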
@@ -3378,10 +3629,10 @@ CVE-2014-1649
RESERVED
CVE-2014-1648 (Cross-site scripting (XSS) vulnerability in ...)
TODO: check
-CVE-2014-1647
- RESERVED
-CVE-2014-1646
- RESERVED
+CVE-2014-1647 (Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop ...)
+ TODO: check
+CVE-2014-1646 (Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop ...)
+ TODO: check
CVE-2014-1645 (SQL injection vulnerability in forcepasswd.do in the management GUI in ...)
NOT-FOR-US: Symantec LiveUpdate Administrator
CVE-2014-1644 (The forgotten-password feature in forcepasswd.do in the management GUI ...)
@@ -3604,72 +3855,65 @@ CVE-2014-1534
RESERVED
CVE-2014-1533
RESERVED
-CVE-2014-1532
- RESERVED
+CVE-2014-1532 (Use-after-free vulnerability in the ...)
+ {DSA-2918-1}
- iceweasel 24.5.0esr-1
- icedove 24.5.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1531
- RESERVED
+CVE-2014-1531 (Use-after-free vulnerability in the ...)
+ {DSA-2918-1}
- iceweasel 24.5.0esr-1
- icedove 24.5.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1530
- RESERVED
+CVE-2014-1530 (The docshell implementation in Mozilla Firefox before 29.0, Firefox ...)
+ {DSA-2918-1}
- iceweasel 24.5.0esr-1
- icedove 24.5.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1529
- RESERVED
+CVE-2014-1529 (The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR ...)
+ {DSA-2918-1}
- iceweasel 24.5.0esr-1
- icedove 24.5.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1528
- RESERVED
+CVE-2014-1528 (The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo ...)
- iceweasel <not-affected> (Windows-specific)
-CVE-2014-1527
- RESERVED
+CVE-2014-1527 (Mozilla Firefox before 29.0 on Android allows remote attackers to ...)
- iceweasel <not-affected> (Only affects Firefox on Android)
- icedove <not-affected> (Only affects Firefox on Android)
-CVE-2014-1526
- RESERVED
+CVE-2014-1526 (The XrayWrapper implementation in Mozilla Firefox before 29.0 and ...)
- iceweasel <not-affected> (Only affects Firefox 28)
- icedove <not-affected> (Only affects Firefox 28)
-CVE-2014-1525
- RESERVED
+CVE-2014-1525 (The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before ...)
- iceweasel <not-affected> (Only affects Firefox 28)
- icedove <not-affected> (Only affects Firefox 28)
-CVE-2014-1524
- RESERVED
+CVE-2014-1524 (The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox ...)
+ {DSA-2918-1}
- iceweasel 24.5.0esr-1
- icedove 24.5.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1523
- RESERVED
+CVE-2014-1523 (Heap-based buffer overflow in the read_u32 function in Mozilla Firefox ...)
+ {DSA-2918-1}
- iceweasel 24.5.0esr-1
- icedove 24.5.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1522
- RESERVED
+CVE-2014-1522 (The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the ...)
- iceweasel <not-affected> (Only affects Firefox 28)
- icedove <not-affected> (Only affects Firefox 28)
CVE-2014-1521
RESERVED
-CVE-2014-1520
- RESERVED
+CVE-2014-1520 (maintenservice_installer.exe in the Maintenance Service Installer in ...)
- iceweasel <not-affected> (Windows-specific)
-CVE-2014-1519
- RESERVED
+CVE-2014-1519 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (Only affects Firefox 28)
- icedove <not-affected> (Only affects Firefox 28)
-CVE-2014-1518
- RESERVED
+CVE-2014-1518 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+ {DSA-2918-1}
- iceweasel 24.5.0esr-1
- icedove 24.5.0-1
[squeeze] - iceweasel <end-of-life>
@@ -4324,7 +4568,7 @@ CVE-2014-1265 (The systemsetup program in the Date and Time subsystem in Apple O
NOT-FOR-US: Apple
CVE-2014-1264 (Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after ...)
NOT-FOR-US: Apple
-CVE-2014-1263 (curl in Apple OS X 10.9.x before 10.9.2 does not verify X.509 ...)
+CVE-2014-1263 (curl and libcurl 7.27.0 through 7.35.0, when using the ...)
- curl <not-affected> (Only applies to Curl on Mac OS or iOS)
NOTE: http://curl.haxx.se/docs/adv_20140326C.html
CVE-2014-1262 (Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers ...)
@@ -4414,8 +4658,7 @@ CVE-2014-1219 (CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_
NOT-FOR-US: 2E Web Option
CVE-2014-1218
RESERVED
-CVE-2014-1217
- RESERVED
+CVE-2014-1217 (Livetecs Timelive before 6.2.8 does not properly restrict access to ...)
NOT-FOR-US: Livetecs Timelive
CVE-2014-1216 (FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers ...)
NOT-FOR-US: Fitnesse Wiki
@@ -4720,8 +4963,8 @@ CVE-2014-0894
RESERVED
CVE-2014-0893
RESERVED
-CVE-2014-0892
- RESERVED
+CVE-2014-0892 (IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 ...)
+ TODO: check
CVE-2014-0891
RESERVED
CVE-2014-0890 (The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, ...)
@@ -4916,7 +5159,7 @@ CVE-2014-0796
RESERVED
CVE-2014-0795
RESERVED
-CVE-2014-0794 (Cross-site scripting (XSS) vulnerability in JV Comment (com_jvcomment) ...)
+CVE-2014-0794 (SQL injection vulnerability in the JV Comment (com_jvcomment) ...)
NOT-FOR-US: JV Comment Joomla Extension
CVE-2014-0793 (Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas ...)
NOT-FOR-US: Komento Joomla Extension
@@ -4947,8 +5190,8 @@ CVE-2014-0782
RESERVED
CVE-2014-0781 (Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 ...)
NOT-FOR-US: Yokogawa CENTUM CS 3000
-CVE-2014-0780
- RESERVED
+CVE-2014-0780 (Directory traversal vulnerability in NTWebServer in InduSoft Web ...)
+ TODO: check
CVE-2014-0779 (The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 ...)
NOT-FOR-US: Schneider Electric
CVE-2014-0778 (The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows ...)
@@ -4969,8 +5212,8 @@ CVE-2014-0771 (The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX
NOT-FOR-US: Advantech WebAccess
CVE-2014-0770 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
NOT-FOR-US: Advantech WebAccess
-CVE-2014-0769
- RESERVED
+CVE-2014-0769 (The Festo CECX-X-C1 Modular Master Controller with CoDeSys and ...)
+ TODO: check
CVE-2014-0768 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
NOT-FOR-US: Advantech WebAccess
CVE-2014-0767 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
@@ -4987,8 +5230,8 @@ CVE-2014-0762
RESERVED
CVE-2014-0761
RESERVED
-CVE-2014-0760
- RESERVED
+CVE-2014-0760 (The Festo CECX-X-C1 Modular Master Controller with CoDeSys and ...)
+ TODO: check
CVE-2014-0759 (Unquoted Windows search path vulnerability in Schneider Electric ...)
NOT-FOR-US: Schneider Electric Floating License Manager
CVE-2014-0758 (An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, ...)
@@ -5482,8 +5725,7 @@ CVE-2014-0517
RESERVED
CVE-2014-0516
RESERVED
-CVE-2014-0515
- RESERVED
+CVE-2014-0515 (Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x ...)
NOT-FOR-US: Flash plugin
CVE-2014-0514 (The Adobe Reader Mobile application before 11.2 for Android does not ...)
NOT-FOR-US: Adobe Reader Mobile application
@@ -5565,14 +5807,11 @@ CVE-2014-0476
RESERVED
CVE-2014-0475
RESERVED
-CVE-2014-0474 [MySQL typecasting could result in unexpected matches]
- RESERVED
+CVE-2014-0474 (The (1) FilePathField, (2) GenericIPAddressField, and (3) ...)
- python-django 1.6.3-1
-CVE-2014-0473 [Caching of anonymous pages could reveal CSRF token]
- RESERVED
+CVE-2014-0473 (The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, ...)
- python-django 1.6.3-1
-CVE-2014-0472 [Unexpected code execution using ``reverse()``]
- RESERVED
+CVE-2014-0472 (The django.core.urlresolvers.reverse function in Django before 1.4.11, ...)
- python-django 1.6.3-1
CVE-2014-0471 [dpkg-source: directory traversal during unpack]
RESERVED
@@ -5887,16 +6126,16 @@ CVE-2014-0366 (Unspecified vulnerability in the Oracle Applications Framework ..
NOT-FOR-US: Oracle E-Business Suite
CVE-2014-0365
RESERVED
-CVE-2014-0364
- RESERVED
-CVE-2014-0363
- RESERVED
+CVE-2014-0364 (The ParseRoster component in the Ignite Realtime Smack XMPP API before ...)
+ TODO: check
+CVE-2014-0363 (The ServerTrustManager component in the Ignite Realtime Smack XMPP API ...)
+ TODO: check
CVE-2014-0362
RESERVED
CVE-2014-0361 (The default configuration of IBM 4690 OS, as used in Toshiba Global ...)
TODO: check
CVE-2014-0360
- RESERVED
+ REJECTED
CVE-2014-0359 (Xangati XSR before 11 and XNR before 7 allows remote attackers to ...)
NOT-FOR-US: Xangati
CVE-2014-0358 (Multiple directory traversal vulnerabilities in Xangati XSR before 11 ...)
@@ -5915,8 +6154,7 @@ CVE-2014-0352
RESERVED
CVE-2014-0351
RESERVED
-CVE-2014-0350 [certificate validation issue]
- RESERVED
+CVE-2014-0350 (The Poco::Net::X509Certificate::verify method in the NetSSL library in ...)
- poco <unfixed>
TODO: check
CVE-2014-0349 (Multiple unspecified vulnerabilities in J2k-Codec allow remote ...)
@@ -6248,11 +6486,9 @@ CVE-2014-0190
CVE-2014-0189
RESERVED
NOT-FOR-US: RedHat virt-who
-CVE-2014-0188
- RESERVED
+CVE-2014-0188 (The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, ...)
NOT-FOR-US: OpenShift
-CVE-2014-0187 [Neutron security groups bypass through invalid CIDR]
- RESERVED
+CVE-2014-0187 (The openvswitch-agent process in OpenStack Neutron 2013.1 before ...)
- neutron <unfixed>
[wheezy] - neutron <not-affected> (Only affects 2013.1 to 2013.2.3, and 2014.1)
CVE-2014-0186
@@ -6270,8 +6506,7 @@ CVE-2014-0182 [virtio: out-of-bounds buffer write on state load with invalid con
RESERVED
- qemu <unfixed>
- qemu-kvm <removed>
-CVE-2014-0181 [Linux network reconfiguration due to incorrect netlink checks]
- RESERVED
+CVE-2014-0181 (The Netlink implementation in the Linux kernel through 3.14.1 does not ...)
- linux <undetermined>
- linux-2.6 <removed>
TODO: check, details are missing from oss-security post
@@ -6319,8 +6554,7 @@ CVE-2014-0164
RESERVED
CVE-2014-0163
RESERVED
-CVE-2014-0162 [Remote code execution in Glance Sheepdog backend]
- RESERVED
+CVE-2014-0162 (The Sheepdog backend in OpenStack Image Registry and Delivery Service ...)
- glance 2014.1-1
[wheezy] - glance <not-affected> (Only affects 2013.2 to 2013.2.3)
CVE-2014-0161
@@ -6481,17 +6715,14 @@ CVE-2014-0116
RESERVED
CVE-2014-0115
RESERVED
-CVE-2014-0114
- RESERVED
+CVE-2014-0114 (The ActionForm object in Apache Struts 1.x through 1.3.10 allows ...)
- libstruts1.2-java <unfixed> (bug #745897)
NOTE: http://mail-archives.apache.org/mod_mbox/struts-announcements/201404.mbox/%3C535F5F52.4040108%40apache.org%3E
-CVE-2014-0113
- RESERVED
+CVE-2014-0113 (CookieInterceptor in Apache Struts before 2.3.16.2, when a wildcard ...)
- libstruts1.2-java <unfixed>
TODO: check
NOTE: https://struts.apache.org/release/2.3.x/docs/s2-021.html
-CVE-2014-0112
- RESERVED
+CVE-2014-0112 (ParametersInterceptor in Apache Struts before 2.3.16.2 does not ...)
- libstruts1.2-java <unfixed>
TODO: check
NOTE: https://struts.apache.org/release/2.3.x/docs/s2-021.html
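Review bot: CVE-2014-0113 and CVE-2014-0112 are described as Apache Struts "before 2.3.16.2" issues (CookieInterceptor and ParametersInterceptor, with S2-021 linked), yet both are recorded against libstruts1.2-java, the Struts 1 package, which CVE-2014-0114 ("Apache Struts 1.x through 1.3.10") actually concerns; the "TODO: check" already flags this, but the two Struts 2 entries should probably become <not-affected> or NOT-FOR-US for libstruts1.2-java unless the Struts 1 package is shown to share the interceptor code.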
@@ -6571,8 +6802,7 @@ CVE-2014-0090
- foreman <itp> (bug #663101)
CVE-2014-0089 (Cross-site scripting (XSS) vulnerability in ...)
- foreman <itp> (bug #663101)
-CVE-2014-0088
- RESERVED
+CVE-2014-0088 (The SPDY implementation in the ngx_http_spdy_module module in nginx ...)
- nginx <not-affected> (Only affects 1.5.10)
CVE-2014-0087
RESERVED
@@ -6608,8 +6838,7 @@ CVE-2014-0080 (SQL injection vulnerability in ...)
- ruby-activerecord-3.2 <not-affected> (affects only rails 4.0.x)
- ruby-activerecord-2.3 <not-affected> (affects only rails 4.0.x)
- rails <not-affected> (affects only rails 4.0.x)
-CVE-2014-0079
- RESERVED
+CVE-2014-0079 (The ValidateUserLogon function in provider/libserver/ECSession.cpp in ...)
NOT-FOR-US: Zarafa Collaboration Platform
CVE-2014-0078
RESERVED
@@ -6770,8 +6999,7 @@ CVE-2014-0038 (The compat_sys_recvmmsg function in net/compat.c in the Linux ker
- linux-2.6 <not-affected> (Introduced in 3.4+)
NOTE: introduced by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/compat.c?id=ee4fa23c4bfcc635d077a9633d405610de45bc70
NOTE: Debian does not enable CONFIG_X86_X32, see #708070
-CVE-2014-0037
- RESERVED
+CVE-2014-0037 (The ValidateUserLogon function in provider/libserver/ECSession.cpp in ...)
NOT-FOR-US: Zarafa Collaboration Platform
CVE-2014-0036 (The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with ...)
NOT-FOR-US: rbovirt
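Review bot: CVE-2014-0079 and CVE-2014-0037 now carry the same truncated description ("The ValidateUserLogon function in provider/libserver/ECSession.cpp in ..."), with nothing in either entry to tell them apart; a short NOTE on one of them cross-referencing the other, or stating how the two Zarafa issues differ, would make it clear this is not a duplicate assignment.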