authorJoey Hess <joeyh@debian.org>2014-02-07 09:14:11 +0000
committerJoey Hess <joeyh@debian.org>2014-02-07 09:14:11 +0000
commitf51a1c77240bf4dc45b108786bae7b780a8f5651 (patch)
treedd332bccdb7ab96bb06f970c5d8b93e9e2318cc2 /data/CVE
parent676c2fcadeaa4fcf070f3fd0a0405b34c47ac389 (diff)
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@25560 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r--data/CVE/2001.list1
-rw-r--r--data/CVE/2011.list27
-rw-r--r--data/CVE/2012.list31
-rw-r--r--data/CVE/2013.list156
-rw-r--r--data/CVE/2014.list198
5 files changed, 203 insertions, 210 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index a5fcc6ca92..75bba65641 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -1,4 +1,5 @@
CVE-2001-1593 [insecure use of /tmp]
+ RESERVED
- a2ps <unfixed> (low; bug #737385)
[wheezy] - a2ps <no-dsa> (Minor issue)
[squeeze] - a2ps <no-dsa> (Minor issue)
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index 6a764b6b38..8ec41b64b5 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -1518,8 +1518,7 @@ CVE-2011-4614 (PHP remote file inclusion vulnerability in ...)
- typo3-src 4.5.9+dfsg1-1 (bug #652365)
[squeeze] - typo3-src <not-affected> (Only affects 4.5 onwards)
[lenny] - typo3-src <not-affected> (Only affects 4.5 onwards)
-CVE-2011-4613 [X launcher permission bypass]
- RESERVED
+CVE-2011-4613 (The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu ...)
{DSA-2364-1}
- xorg 1:7.6+10 (low; bug #652249)
[lenny] - xorg <not-affected> (Introduced in 1:7.4~4)
@@ -2227,8 +2226,7 @@ CVE-2011-4329 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3
CVE-2011-4328 (plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions ...)
{DSA-2435-1}
- gnash 0.8.10-1 (low; bug #649384)
-CVE-2011-4327
- RESERVED
+CVE-2011-4327 (ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain ...)
- openssh <not-affected> (Only affects platforms w/o /dev/random)
NOTE: http://www.openssh.com/txt/portable-keysign-rand-helper.adv
CVE-2011-4326 (The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel ...)
@@ -4797,8 +4795,7 @@ CVE-2011-3378 (RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote .
- rpm 4.9.1.2-1 (low; bug #645325)
[squeeze] - rpm 4.8.1-6+squeeze1
[lenny] - rpm <no-dsa> (rpm isn't used a a package manager, very limited attack vector)
-CVE-2011-3377 [IcedTea browser plugin Same Origin Policy suffix issue]
- RESERVED
+CVE-2011-3377 (The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x ...)
{DSA-2420-1}
- openjdk-6 6b21~pre1-1
- icedtea-web 1.1.4-1
@@ -4911,8 +4908,7 @@ CVE-2011-3346
[squeeze] - qemu-kvm <no-dsa> (SCSI support in 0.12 generally broken, no complete fix other than updating to 0.15)
CVE-2011-3345 (ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ...)
- ofa-kernel <itp> (bug #541849)
-CVE-2011-3344
- RESERVED
+CVE-2011-3344 (Cross-site scripting (XSS) vulnerability in the Lookup Login/Password ...)
NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-3343 (Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to ...)
{DSA-2386-1}
@@ -6128,8 +6124,7 @@ CVE-2011-2929 (The template selection functionality in ...)
CVE-2011-2928 (The befs_follow_link function in fs/befs/linuxvfs.c in the Linux ...)
{DSA-2310-1 DSA-2303-1}
- linux-2.6 3.0.0-2
-CVE-2011-2927
- RESERVED
+CVE-2011-2927 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, ...)
NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-2926
RESERVED
@@ -6149,11 +6144,9 @@ CVE-2011-2922
CVE-2011-2921
RESERVED
- ktsuss <removed>
-CVE-2011-2920
- RESERVED
+CVE-2011-2920 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, ...)
NOT-FOR-US: Red Hat Network Satellite server
-CVE-2011-2919
- RESERVED
+CVE-2011-2919 (Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in ...)
NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-2918 (The Performance Events subsystem in the Linux kernel before 3.1 does ...)
{DSA-2303-1}
@@ -6775,8 +6768,7 @@ CVE-2011-2727
CVE-2011-2726 [SA-CORE-2011-003]
RESERVED
- drupal7 7.6-1
-CVE-2011-2725 [ark directory traversal]
- RESERVED
+CVE-2011-2725 (Directory traversal vulnerability in Ark 4.7.x and earlier allows ...)
- kdeutils 4:4.6.5-4 (low; bug #635541)
[lenny] - kdeutils <no-dsa> (Minor issue)
[squeeze] - kdeutils 4:4.4.5-1+squeeze1
@@ -9721,8 +9713,7 @@ CVE-2011-1595 (Directory traversal vulnerability in the disk_create function in
- rdesktop 1.7.0-1 (low; bug #623552)
[squeeze] - rdesktop <no-dsa> (Minor issue)
[lenny] - rdesktop <no-dsa> (Minor issue)
-CVE-2011-1594
- RESERVED
+CVE-2011-1594 (Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat ...)
NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-1593 (Multiple integer overflows in the next_pidmap function in kernel/pid.c ...)
{DSA-2264-1 DSA-2240-1}
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index c759ff20c8..37759741ca 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -364,8 +364,8 @@ CVE-2012-6495 (Multiple directory traversal vulnerabilities in the (1) twikidraw
[wheezy] - moin 1.9.4-8+deb7u1
CVE-2012-6494
RESERVED
-CVE-2012-6493
- RESERVED
+CVE-2012-6493 (Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose ...)
+ TODO: check
CVE-2012-6492
RESERVED
CVE-2012-6491
@@ -7920,8 +7920,7 @@ CVE-2012-3429 (The dns_to_ldap_dn_escape function in src/ldap_convert.c in ...)
NOT-FOR-US: Dynamic LDAP backend plugin for BIND
CVE-2012-3428 (The IronJacamar container before 1.0.12.Final for JBoss Application ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
-CVE-2012-3427
- RESERVED
+CVE-2012-3427 (EC2 Amazon Machine Image (AMI) in JBoss Enterprise Application ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-3426 (OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before ...)
- keystone 2012.1.1-1
@@ -8949,8 +8948,7 @@ CVE-2012-3002 (The web interface on (1) Foscam and (2) Wansview IP cameras allow
NOT-FOR-US: Foscam, Wansview IP cameras
CVE-2012-3001 (Mutiny Standard before 4.5-1.12 allows remote attackers to execute ...)
NOT-FOR-US: Mutiny Standard
-CVE-2012-3000
- RESERVED
+CVE-2012-3000 (Multiple SQL injection vulnerabilities in ...)
NOT-FOR-US: F5 BIG-IP
CVE-2012-2999 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
NOT-FOR-US: Cerberus FTP
@@ -10834,12 +10832,10 @@ CVE-2012-2252 (Incomplete blacklist vulnerability in rssh before 2.3.4, when the
CVE-2012-2251 (rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync ...)
{DSA-2578-1}
- rssh 2.3.3-6
-CVE-2012-2250
- RESERVED
+CVE-2012-2250 (Tor before 0.2.3.24-rc allows remote attackers to cause a denial of ...)
- tor 0.2.3.24-rc-1 (low)
[squeeze] - tor <no-dsa> (Minor issue)
-CVE-2012-2249
- RESERVED
+CVE-2012-2249 (Tor before 0.2.3.23-rc allows remote attackers to cause a denial of ...)
- tor 0.2.3.23-rc-1 (low)
[squeeze] - tor <no-dsa> (Minor issue)
CVE-2012-2248 [build-influenced PATH set in dhclient]
@@ -11212,16 +11208,13 @@ CVE-2012-2110 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenS
NOTE: http://www.openssl.org/news/secadv_20120419.txt
CVE-2012-2109 (SQL injection vulnerability in wp-load.php in the BuddyPress plugin ...)
NOT-FOR-US: wordpress buddypress plugin
-CVE-2012-2108
- RESERVED
+CVE-2012-2108 (Stack-based buffer overflow in the main function in util/lpci_main.c ...)
- csound 1:5.17.6~dfsg-1 (low; bug #661197)
[squeeze] - csound <no-dsa> (Minor issue)
-CVE-2012-2107
- RESERVED
+CVE-2012-2107 (Integer overflow in the main function in util/lpci_main.c in Csound ...)
- csound 1:5.17.6~dfsg-1 (bug #661197)
[squeeze] - csound <no-dsa> (Minor issue)
-CVE-2012-2106
- RESERVED
+CVE-2012-2106 (Integer overflow in the pv_import function in util/pv_import.c in ...)
- csound 1:5.17.6~dfsg-1 (bug #661197)
[squeeze] - csound <no-dsa> (Minor issue)
CVE-2012-2105 (Multiple SQL injection vulnerabilities in login.php in Timesheet Next ...)
@@ -14123,8 +14116,7 @@ CVE-2012-0876 (The XML parser (xmlparse.c) in expat before 2.1.0 computes hash v
- xmlrpc-c 1.16.33-3.2 (low; bug #687672)
[squeeze] - xmlrpc-c <no-dsa> (Minor issue)
- python2.6 <not-affected> (configured with --with-system-expat since 2.6.6-4)
-CVE-2012-0875 [systemtap invalid read leading to kernel DoS]
- RESERVED
+CVE-2012-0875 (SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged ...)
- systemtap 1.7-1 (low; bug #660929; bug #660886)
[squeeze] - systemtap <not-affected> (Vulnerable code not present)
[lenny] - systemtap <not-affected> (Vulnerable code not present)
@@ -16184,8 +16176,7 @@ CVE-2012-0061 (The headerLoad function in lib/header.c in RPM before 4.9.1.3 doe
CVE-2012-0060 (RPM before 4.9.1.3 does not properly validate region tags, which ...)
- rpm 4.9.1.3-1 (bug #667031)
[squeeze] - rpm <no-dsa> (Minor issue)
-CVE-2012-0059
- RESERVED
+CVE-2012-0059 (Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 ...)
NOT-FOR-US: RHN Satellite
CVE-2012-0058 (The kiocb_batch_free function in fs/aio.c in the Linux kernel before ...)
- linux-2.6 3.2.2-1
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index b65b3af21d..ba86ac943e 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -75,20 +75,17 @@ CVE-2013-7295 (Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with
- tor 0.2.4.20-1 (low)
[wheezy] - tor <no-dsa> (Minor issue)
[squeeze] - tor <not-affected> (OpenSSL in oldstable not affected)
-CVE-2013-7303 [cross-site scripting]
- RESERVED
+CVE-2013-7303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
- spip 3.0.13-1 (bug #736170)
[wheezy] - spip <no-dsa> (Minor issue)
[squeeze] - spip <no-dsa> (Minor issue)
CVE-2013-7302
RESERVED
NOT-FOR-US: Drupal contrib
-CVE-2013-7301 [external network interface is used with no access control for reading queued music files]
- RESERVED
+CVE-2013-7301 (Cantata before 1.2.2 does not restrict access to files in the play ...)
- cantata <not-affected> (Vulnerable code introduced with 1.2.0; bug #736154)
NOTE: https://code.google.com/p/cantata/issues/detail?id=356
-CVE-2013-7300 [absolute path traversal vulnerability]
- RESERVED
+CVE-2013-7300 (Absolute path traversal vulnerability in cantata before 1.2.2 allows ...)
- cantata <not-affected> (Vulnerable code introduced with 1.2.0; bug #736154)
NOTE: https://code.google.com/p/cantata/issues/detail?id=356
CVE-2013-7299 (framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows ...)
@@ -227,8 +224,8 @@ CVE-2013-7248 (Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and
NOT-FOR-US: Franklin Fueling Systems TS-550
CVE-2013-7247 (cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware ...)
NOT-FOR-US: Franklin Fueling Systems TS-550
-CVE-2013-7246
- RESERVED
+CVE-2013-7246 (Buffer overflow in the IconCreate method in an ActiveX control in the ...)
+ TODO: check
CVE-2013-7245
RESERVED
CVE-2013-7244
@@ -339,27 +336,22 @@ CVE-2013-7185
RESERVED
CVE-2013-7184 (Gretech GOM Media Player 2.2.56.5158 and earlier allows remote ...)
NOT-FOR-US: Gretech GOM Media Player
-CVE-2013-7183
- RESERVED
-CVE-2013-7182
- RESERVED
+CVE-2013-7183 (cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote ...)
+ TODO: check
+CVE-2013-7182 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Fortinet FortiOS
-CVE-2013-7181
- RESERVED
+CVE-2013-7181 (Cross-site scripting (XSS) vulnerability in user/ldap_user/add in ...)
NOT-FOR-US: FortiWeb
CVE-2013-7180
RESERVED
-CVE-2013-7179
- RESERVED
+CVE-2013-7179 (The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech ...)
NOT-FOR-US: Seowon Intech SWC-9100 routers
CVE-2013-7178
RESERVED
-CVE-2013-7177
- RESERVED
+CVE-2013-7177 (config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban ...)
- fail2ban 0.8.11-1
NOTE: https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087
-CVE-2013-7176
- RESERVED
+CVE-2013-7176 (config/filter.d/postfix.conf in the postfix filter in Fail2ban before ...)
- fail2ban 0.8.11-1
CVE-2013-7175 (Multiple SQL injection vulnerabilities in Avanset Visual CertExam ...)
NOT-FOR-US: Avanset Visual CertExam Manager
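Review bot: CVE-2013-7183 is left at `TODO: check` although CVE-2013-7179, a few lines further down in this hunk, names the same Seowon Intech SWC-9100 routers and is already marked NOT-FOR-US. Once a human confirms the product match, the entry could carry `NOT-FOR-US: Seowon Intech SWC-9100 routers` like its sibling. The same pattern appears in later hunks of this file: CVE-2013-6032 (Lexmark) beside CVE-2013-6033, CVE-2013-4043 (IBM SPSS Collaboration and Deployment Services) between already-classified neighbours, and CVE-2013-3090 and CVE-2013-3084 (Belkin) around CVE-2013-3087. These entries presumably stay in the untriaged queue until someone resolves them, so classifying them alongside their siblings would keep that queue limited to entries that genuinely need investigation.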
@@ -1552,15 +1544,14 @@ CVE-2013-6729
RESERVED
CVE-2013-6728
RESERVED
-CVE-2013-6727
- RESERVED
+CVE-2013-6727 (The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 ...)
NOT-FOR-US: IBM Sametime
CVE-2013-6726
RESERVED
CVE-2013-6725 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
NOT-FOR-US: IBM WebSphere
-CVE-2013-6724
- RESERVED
+CVE-2013-6724 (Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS ...)
+ TODO: check
CVE-2013-6723 (IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle ...)
NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6722
@@ -2130,8 +2121,7 @@ CVE-2013-6493
CVE-2013-6492
RESERVED
NOT-FOR-US: Pirhana
-CVE-2013-6491
- RESERVED
+CVE-2013-6491 (The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo ...)
- nova <unfixed>
CVE-2013-6490
RESERVED
@@ -2858,8 +2848,7 @@ CVE-2013-6237 (The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5
CVE-2013-6236
RESERVED
NOT-FOR-US: Stem Innovations IZON
-CVE-2013-6235 [Multiple Reflected XSS vulnerabilities]
- RESERVED
+CVE-2013-6235 (Multiple cross-site scripting (XSS) vulnerabilities in JAMon (Java ...)
- libjamon-java <not-affected> (jamon.war/JAMon web apps gets excluded by debian/orig-tar.sh)
NOTE: http://seclists.org/bugtraq/2014/Jan/92
CVE-2013-6234
@@ -3050,8 +3039,8 @@ CVE-2013-6145
RESERVED
CVE-2013-6144
RESERVED
-CVE-2013-6143
- RESERVED
+CVE-2013-6143 (The Schneider Electric Telvent SAGE 3030 RTU with firmware ...)
+ TODO: check
CVE-2013-6142 (DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA ...)
NOT-FOR-US: Schneider Electric ClearSCADA
CVE-2013-6141 (Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers ...)
@@ -3296,15 +3285,14 @@ CVE-2013-6037
RESERVED
CVE-2013-6036
RESERVED
-CVE-2013-6035
- RESERVED
-CVE-2013-6034
- RESERVED
-CVE-2013-6033
- RESERVED
+CVE-2013-6035 (The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN ...)
+ TODO: check
+CVE-2013-6034 (The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN ...)
+ TODO: check
+CVE-2013-6033 (Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 ...)
NOT-FOR-US: Lexmark
-CVE-2013-6032
- RESERVED
+CVE-2013-6032 (cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x ...)
+ TODO: check
CVE-2013-6031
RESERVED
CVE-2013-6030 (Directory traversal vulnerability on the Emerson Network Power Avocent ...)
@@ -3558,7 +3546,7 @@ CVE-2013-5912 (VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Se
NOT-FOR-US: Thomson Reuters Velocity Analytics Vhayu Analytic Server
CVE-2013-5911 (Cross-site scripting (XSS) vulnerability in devform.php in Tenable ...)
NOT-FOR-US: Tenable SecurityCenter
-CVE-2013-5910 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, and Java SE ...)
+CVE-2013-5910 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE ...)
- openjdk-6 6b30-1.13.1-1
- openjdk-7 7u51-2.4.4-1
CVE-2013-5909 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
@@ -3633,7 +3621,7 @@ CVE-2013-5886 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS compo
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5885 (Unspecified vulnerability in Oracle Solaris 11.1 allows local users to ...)
NOT-FOR-US: Oracle Solaris
-CVE-2013-5884 (Unspecified vulnerability in Oracle Java SE Java SE 5.0u55, 6u65, and ...)
+CVE-2013-5884 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
- openjdk-6 6b30-1.13.1-1
- openjdk-7 7u51-2.4.4-1
CVE-2013-5883 (Unspecified vulnerability in Oracle Solaris 8 allows local users to ...)
@@ -4821,8 +4809,8 @@ CVE-2013-5429 (The Risk Based Access functionality in IBM Tivoli Federated Ident
NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2013-5428 (IBM WebSphere DataPower XC10 appliances 2.5.0 do not require ...)
NOT-FOR-US: IBM WebSphere DataPower XC10 appliances
-CVE-2013-5427
- RESERVED
+CVE-2013-5427 (Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere ...)
+ TODO: check
CVE-2013-5426 (Session fixation vulnerability in IBM InfoSphere Master Data ...)
NOT-FOR-US: IBM
CVE-2013-5425 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
@@ -5722,11 +5710,9 @@ CVE-2013-4981
CVE-2013-4980
RESERVED
NOT-FOR-US: AVTECH DVR
-CVE-2013-4979 [Buffer Overflow]
- RESERVED
+CVE-2013-4979 (Buffer overflow in the gldll32.dll module in EPS Viewer 3.2 and ...)
NOT-FOR-US: EPS Viewer
-CVE-2013-4978 [Buffer Overflow]
- RESERVED
+CVE-2013-4978 (Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in ...)
NOT-FOR-US: Aloaha PDF Suite
CVE-2013-4977
RESERVED
@@ -6293,11 +6279,9 @@ CVE-2013-4741
RESERVED
CVE-2013-4740 (goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux ...)
NOT-FOR-US: Goodix gt915 Android touchscreen driver
-CVE-2013-4739
- RESERVED
+CVE-2013-4739 (The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm ...)
- linux <not-affected> (Android-specific camera drivers)
-CVE-2013-4738
- RESERVED
+CVE-2013-4738 (Multiple stack-based buffer overflows in the MSM camera driver for the ...)
- linux <not-affected> (Android-specific camera drivers)
CVE-2013-4737
RESERVED
@@ -7036,8 +7020,7 @@ CVE-2013-4465 (Unrestricted file upload vulnerability in the avatar upload ...)
NOT-FOR-US: Simple Machines Forum
CVE-2013-4464
RESERVED
-CVE-2013-4463 [Compressed disk image DoS]
- RESERVED
+CVE-2013-4463 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly ...)
- nova 2013.2-3 (bug #728605)
CVE-2013-4462
RESERVED
@@ -7081,8 +7064,7 @@ CVE-2013-4450 (The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before
- nodejs 0.10.21~dfsg1-1 (medium)
NOTE: https://github.com/joyent/node/commit/085dd30e93da67362f044ad1b3b6b2d997064692
NOTE: http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/
-CVE-2013-4449 [slapd segfaults on certain queries with rwm overlay enabled]
- RESERVED
+CVE-2013-4449 (The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not ...)
- openldap <unfixed> (low; bug #729367)
[wheezy] - openldap <no-dsa> (Minor issue)
[squeeze] - openldap <no-dsa> (Minor issue)
@@ -7305,8 +7287,7 @@ CVE-2013-4385 (Buffer overflow in the &quot;read-string!&quot; procedure in the
NOTE: http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=cd1b9775005ebe220ba11265dbf5396142e65f26
CVE-2013-4384 (Cross-site scripting (XSS) vulnerability in Google Site Search module ...)
NOT-FOR-US: Drupal module
-CVE-2013-4383
- RESERVED
+CVE-2013-4383 (Cross-site scripting (XSS) vulnerability in the jQuery Countdown ...)
NOT-FOR-US: Drupal module
CVE-2013-4382
REJECTED
@@ -7498,8 +7479,7 @@ CVE-2013-4332 (Multiple integer overflows in malloc/malloc.c in the GNU C Librar
- eglibc 2.17-93 (bug #722536)
[wheezy] - eglibc <no-dsa> (Will be fixed in next point update)
[squeeze] - eglibc <no-dsa> (Will be fixed in next point update)
-CVE-2013-4331 [incorrect .Xauthority permissions]
- RESERVED
+CVE-2013-4331 (Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before ...)
- lightdm 1.6.2-1 (bug #721744)
[wheezy] - lightdm <not-affected> (Introduced in 1.4)
CVE-2013-4330 (Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, ...)
@@ -8434,8 +8414,8 @@ CVE-2013-4045 (Cross-site scripting (XSS) vulnerability in the Portal applicatio
NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4044 (IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 ...)
NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
-CVE-2013-4043
- RESERVED
+CVE-2013-4043 (The server in IBM SPSS Collaboration and Deployment Services 4.x ...)
+ TODO: check
CVE-2013-4042 (Unspecified vulnerability in IBM SPSS Collaboration and Deployment ...)
NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4041 (Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 ...)
@@ -9325,8 +9305,8 @@ CVE-2013-3641 (The Pizza Hut Japan Official Order application before 1.1.1.a for
NOT-FOR-US: The Pizza Hut Japan Official Order for Android
CVE-2013-3640 (Cross-site scripting (XSS) vulnerability in the Instant Web Publish ...)
NOT-FOR-US: FileMaker Pro
-CVE-2013-3639
- RESERVED
+CVE-2013-3639 (Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 ...)
+ TODO: check
CVE-2013-3638
RESERVED
CVE-2013-3637
@@ -9926,8 +9906,8 @@ CVE-2013-3367
RESERVED
CVE-2013-3366
RESERVED
-CVE-2013-3365
- RESERVED
+CVE-2013-3365 (TRENDnet TEW-812DRU router allows remote authenticated users to ...)
+ TODO: check
CVE-2013-3364
RESERVED
CVE-2013-3363 (Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 ...)
@@ -10512,8 +10492,8 @@ CVE-2013-3100
RESERVED
CVE-2013-3099
RESERVED
-CVE-2013-3098
- RESERVED
+CVE-2013-3098 (Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet ...)
+ TODO: check
CVE-2013-3097
RESERVED
CVE-2013-3096
@@ -10528,21 +10508,20 @@ CVE-2013-3092
RESERVED
CVE-2013-3091
RESERVED
-CVE-2013-3090
- RESERVED
+CVE-2013-3090 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 ...)
+ TODO: check
CVE-2013-3089
RESERVED
CVE-2013-3088
RESERVED
-CVE-2013-3087
- RESERVED
+CVE-2013-3087 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 ...)
NOT-FOR-US: Belkin N900 router
CVE-2013-3086
RESERVED
CVE-2013-3085
RESERVED
-CVE-2013-3084
- RESERVED
+CVE-2013-3084 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model ...)
+ TODO: check
CVE-2013-3083
RESERVED
CVE-2013-3082
@@ -11539,8 +11518,8 @@ CVE-2013-2693
RESERVED
CVE-2013-2692
RESERVED
-CVE-2013-2691
- RESERVED
+CVE-2013-2691 (Stack-based buffer overflow in the JetMPG.ax module in jetAudio 8.0.17 ...)
+ TODO: check
CVE-2013-2690 (SQL injection vulnerability in index.php in Synchroweb Technology ...)
NOT-FOR-US: Synchroweb Technology SynConnect 2.0
CVE-2013-2689
@@ -13287,8 +13266,7 @@ CVE-2013-2076 (Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, on
CVE-2013-2075
RESERVED
- chicken <not-affected> (Incomplete fix was never applied)
-CVE-2013-2074 [prints passwords contained in HTTP URLs in error messages]
- RESERVED
+CVE-2013-2074 (kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows ...)
- kde4libs 4:4.10.5-1 (low; bug #707776)
[squeeze] - kde4libs <no-dsa> (Minor issue)
[wheezy] - kde4libs <no-dsa> (Minor issue)
@@ -13652,8 +13630,7 @@ CVE-2013-1968 (Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote ..
{DSA-2703-1}
- subversion 1.7.9-1+nmu2 (bug #711033)
NOTE: https://subversion.apache.org/security/CVE-2013-1968-advisory.txt
-CVE-2013-1967 [mediaelement flashmediaelement XSS]
- RESERVED
+CVE-2013-1967 (Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in ...)
- owncloud <not-affected> (Vulnerable code not present)
NOTE: oC >= 4.5 only
CVE-2013-1966 (Apache Struts 2 before 2.3.14.1 allows remote attackers to execute ...)
@@ -13953,8 +13930,7 @@ CVE-2013-1882
CVE-2013-1881 (GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary ...)
- librsvg 2.40.0-1 (bug #724741)
[wheezy] - librsvg 2.36.1-2
-CVE-2013-1880 [XSS vulnerability in portfolioPublish demo application]
- RESERVED
+CVE-2013-1880 (Cross-site scripting (XSS) vulnerability in the Portfolio publisher ...)
- activemq <not-affected> (portfolio demo app not shipped in Debian package)
NOTE: https://issues.apache.org/jira/browse/AMQ-4398
CVE-2013-1879 (Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ...)
@@ -14053,8 +14029,8 @@ CVE-2013-1853 (Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when
- almanah 0.9.1-1 (bug #702905)
[squeeze] - almanah <not-affected> (Only affect Almanah used in combination with glib 2.32)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=695117
-CVE-2013-1852
- RESERVED
+CVE-2013-1852 (SQL injection vulnerability in leaguemanager.php in the LeagueManager ...)
+ TODO: check
CVE-2013-1851 [user_migrate: Local file disclosure]
RESERVED
- owncloud 4.0.8debian-1.6 (bug #703094)
@@ -15406,8 +15382,7 @@ CVE-2013-1573 (The csnStreamDissector function in epan/dissectors/packet-csn1.c
CVE-2013-1572 (The dissect_oampdu_event_notification function in ...)
- wireshark <unfixed> (unimportant)
NOTE: Not suitable for code injection
-CVE-2013-1470 [XSS in geeklog]
- RESERVED
+CVE-2013-1470 (Cross-site scripting (XSS) vulnerability in calendar/index.php in the ...)
NOTE: There was a RFP long time ago, bug #203818
NOTE: https://www.htbridge.com/advisory/HTB23143
NOT-FOR-US: Geeklog
@@ -15421,8 +15396,8 @@ CVE-2013-1468 (Cross-site request forgery (CSRF) vulnerability in the LocalFiles
NOTE: https://www.htbridge.com/advisory/HTB23144
CVE-2013-1467
RESERVED
-CVE-2013-1466
- RESERVED
+CVE-2013-1466 (Multiple cross-site scripting (XSS) vulnerabilities in glFusion before ...)
+ TODO: check
CVE-2013-1465 (The Cubecart::_basket method in classes/cubecart.class.php in CubeCart ...)
NOT-FOR-US: CubeCart
CVE-2013-1464 (Cross-site scripting (XSS) vulnerability in ssets/player.swf in the ...)
@@ -15671,8 +15646,7 @@ CVE-2013-1378 (Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.16
NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1377 (Adobe Digital Editions 2.x before 2.0.1 allows attackers to execute ...)
NOT-FOR-US: Adobe Digital Editions
-CVE-2013-1376
- RESERVED
+CVE-2013-1376 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x ...)
NOT-FOR-US: Adobe Reader
CVE-2013-1375 (Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 ...)
NOT-FOR-US: Adobe Flash Plugin
@@ -18572,8 +18546,7 @@ CVE-2013-0235 (The XMLRPC API in WordPress before 3.5.1 allows remote attackers
- wordpress 3.5.1+dfsg-1 (bug #698916)
NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/01/25/7
-CVE-2013-0234
- RESERVED
+CVE-2013-0234 (Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg ...)
- elgg <itp> (bug #526197)
CVE-2013-0233 (Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, ...)
- ruby-devise <itp> (bug #691525)
@@ -18761,8 +18734,7 @@ CVE-2013-0178 [redis 2.4: Insecure temporary flaw use for redis service's vm swa
[squeeze] - redis <no-dsa> (Minor issue)
[wheezy] - redis <no-dsa> (Minor issue)
NOTE: RedHat bugreport mentions 2.4 is affected, but not 2.6
-CVE-2013-0177
- RESERVED
+CVE-2013-0177 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: OFBiz
CVE-2013-0176 (The publickey_from_privatekey function in libssh before 0.5.4, when no ...)
- libssh 0.5.4-1 (low; bug #698963)
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 99f5ca598a..aec632b6b9 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -1,3 +1,59 @@
+CVE-2014-1868
+ RESERVED
+CVE-2014-1867
+ RESERVED
+CVE-2014-1866
+ RESERVED
+CVE-2014-1865
+ RESERVED
+CVE-2014-1864
+ RESERVED
+CVE-2014-1863
+ RESERVED
+CVE-2014-1862
+ RESERVED
+CVE-2014-1861
+ RESERVED
+CVE-2014-1859
+ RESERVED
+CVE-2014-1858
+ RESERVED
+CVE-2014-1857
+ RESERVED
+CVE-2014-1856
+ RESERVED
+CVE-2014-1855
+ RESERVED
+CVE-2014-1854
+ RESERVED
+CVE-2014-1853
+ RESERVED
+CVE-2014-1852
+ RESERVED
+CVE-2014-1851
+ RESERVED
+CVE-2014-1850
+ RESERVED
+CVE-2014-1849
+ RESERVED
+CVE-2014-1848
+ RESERVED
+CVE-2014-1847
+ RESERVED
+CVE-2014-1844
+ RESERVED
+CVE-2014-1843
+ RESERVED
+CVE-2014-1842
+ RESERVED
+CVE-2014-1841
+ RESERVED
+CVE-2014-1840
+ RESERVED
+CVE-2014-1830
+ RESERVED
+CVE-2014-1829
+ RESERVED
CVE-2014-XXXX [buffer overflow in socket.recvfrom_into]
- python2.5 <removed> (low)
- python2.6 <removed> (low)
@@ -33,38 +89,48 @@ CVE-2014-XXXX [shell injection]
NOTE: Security fix in 0.3.5-1 is invalid
NOTE: https://code.google.com/p/python-gnupg/issues/detail?id=98
CVE-2014-1860 [PHP object insertion]
+ RESERVED
NOT-FOR-US: Contao CMS
CVE-2014-1832 [incomplete fix of CVE-2014-1831]
+ RESERVED
- ruby-passenger <not-affected> (incomplete patch never applied)
- passenger <not-affected> (incomplete patch never applied)
CVE-2014-1831 [insecure use of /tmp]
+ RESERVED
- ruby-passenger <unfixed> (low; bug #736958)
[wheezy] - ruby-passenger <no-dsa> (low; bug #736958)
- passenger <removed>
[squeeze] - passenger <no-dsa> (minor issue)
CVE-2014-1845 [hardening to the defaults]
+ RESERVED
- e17 <unfixed> (bug #737705)
NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=ea605237bb64ee09341121461b3d2c0f5dbe832d
NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=126afd0fda493deec8398088e6e928b4d2e5f463
NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=8cabf2708520539cf25ca0a876f9c044f6d56a77
CVE-2014-1846 [hardening to the defaults]
+ RESERVED
- e17 <unfixed> (bug #737705)
NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=ea605237bb64ee09341121461b3d2c0f5dbe832d
NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=126afd0fda493deec8398088e6e928b4d2e5f463
NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=8cabf2708520539cf25ca0a876f9c044f6d56a77
CVE-2014-1839
+ RESERVED
- logilab-common <unfixed> (bug #737051)
CVE-2014-1838
+ RESERVED
- logilab-common <unfixed> (bug #737051)
-CVE-2014-1837
+CVE-2014-1837 (Cross-site scripting (XSS) vulnerability in the StackIdeas Komento ...)
NOT-FOR-US: Joomla com_komento
CVE-2014-1836
+ RESERVED
NOT-FOR-US: ImpressCMS
CVE-2014-1835
+ RESERVED
NOT-FOR-US: Echor Ruby Gem
CVE-2014-1834
+ RESERVED
NOT-FOR-US: Echor Ruby Gem
-CVE-2014-1833 [uupdate (devscripts) directory traversal]
+CVE-2014-1833 (Directory traversal vulnerability in uupdate in devscripts 2.14.1 ...)
- devscripts <unfixed> (bug #737160)
CVE-2014-XXXX [no input validation for search function]
- fookebox <unfixed> (bug #736821)
@@ -337,8 +403,7 @@ CVE-2014-1695
CVE-2014-1750
RESERVED
NOT-FOR-US: WordPress plugin nokia-mapsplaces
-CVE-2014-1694
- RESERVED
+CVE-2014-1694 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...)
- otrs2 3.3.4-1
NOTE: https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/
CVE-2014-1693
@@ -509,11 +574,9 @@ CVE-2014-1614
RESERVED
CVE-2014-1613
RESERVED
-CVE-2014-1612
- RESERVED
+CVE-2014-1612 (Cross-site scripting (XSS) vulnerability in login.esp in the Web ...)
NOT-FOR-US: Mediatrix
-CVE-2014-1610
- RESERVED
+CVE-2014-1610 (MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x before ...)
- mediawiki 1:1.19.11+dfsg-1
CVE-2014-1609
RESERVED
@@ -753,80 +816,65 @@ CVE-2014-1493
RESERVED
CVE-2014-1492
RESERVED
-CVE-2014-1491
- RESERVED
+CVE-2014-1491 (Mozilla Network Security Services (NSS) before 3.15.4, as used in ...)
- iceweasel <unfixed>
- icedove <unfixed>
- nss 2:3.15.4-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1490
- RESERVED
+CVE-2014-1490 (Race condition in libssl in Mozilla Network Security Services (NSS) ...)
- iceweasel <unfixed>
- icedove <unfixed>
- nss 2:3.15.4-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1489
- RESERVED
+CVE-2014-1489 (Mozilla Firefox before 27.0 does not properly restrict access to ...)
- iceweasel <not-affected> (Only affects Firefox 26)
- icedove <not-affected> (Only affects Firefox 26)
-CVE-2014-1488
- RESERVED
+CVE-2014-1488 (The Web workers implementation in Mozilla Firefox before 27.0 and ...)
- iceweasel <not-affected> (Only affects Firefox 26)
- icedove <not-affected> (Only affects Firefox 26)
-CVE-2014-1487
- RESERVED
+CVE-2014-1487 (The Web workers implementation in Mozilla Firefox before 27.0, Firefox ...)
- iceweasel 24.3.0esr-1
- icedove <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1486
- RESERVED
+CVE-2014-1486 (Use-after-free vulnerability in the imgRequestProxy function in ...)
- iceweasel 24.3.0esr-1
- icedove <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1485
- RESERVED
+CVE-2014-1485 (The Content Security Policy (CSP) implementation in Mozilla Firefox ...)
- iceweasel <not-affected> (Only affects Firefox 26)
- icedove <not-affected> (Only affects Firefox 26)
-CVE-2014-1484
- RESERVED
+CVE-2014-1484 (Mozilla Firefox before 27.0 on Android 4.2 and earlier creates ...)
- iceweasel <not-affected> (Only affects Firefox for Android)
- icedove <not-affected> (Only affects Firefox for Android)
-CVE-2014-1483
- RESERVED
+CVE-2014-1483 (Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote ...)
- iceweasel <not-affected> (Only affects Firefox 26)
- icedove <not-affected> (Only affects Firefox 26)
-CVE-2014-1482
- RESERVED
+CVE-2014-1482 (RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x ...)
- iceweasel 24.3.0esr-1
- icedove <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1481
- RESERVED
+CVE-2014-1481 (Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird ...)
- iceweasel 24.3.0esr-1
- icedove <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1480
- RESERVED
+CVE-2014-1480 (The file-download implementation in Mozilla Firefox before 27.0 and ...)
- iceweasel <not-affected> (Only affects Firefox 26)
- icedove <not-affected> (Only affects Firefox 26)
-CVE-2014-1479
- RESERVED
+CVE-2014-1479 (The System Only Wrapper (SOW) implementation in Mozilla Firefox before ...)
- iceweasel 24.3.0esr-1
- icedove <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1478
- RESERVED
+CVE-2014-1478 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (Only affects Firefox 26)
- icedove <not-affected> (Only affects Firefox 26)
-CVE-2014-1477
- RESERVED
+CVE-2014-1477 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel 24.3.0esr-1
- icedove <unfixed>
[squeeze] - iceweasel <end-of-life>
@@ -858,8 +906,7 @@ CVE-2014-1624 (Race condition in the xdg.BaseDirectory.get_runtime_dir function
- pyxdg 0.25-4 (low; bug #736247)
[squeeze] - pyxdg <not-affected> (get_runtime_dir introduced in later version)
[wheezy] - pyxdg <not-affected> (get_runtime_dir introduced in later version)
-CVE-2014-1611
- RESERVED
+CVE-2014-1611 (Cross-site scripting (XSS) vulnerability in the Anonymous Posting ...)
NOT-FOR-US: Drupal contrib
CVE-2014-1604 (The parser cache functionality in parsergenerator.py in RPLY (aka ...)
- python-rply 0.7.1-1
@@ -868,8 +915,7 @@ CVE-2014-1473 (Multiple cross-site request forgery (CSRF) vulnerabilities in the
NOT-FOR-US: McAfee Vulnerability Manager
CVE-2014-1472 (Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise ...)
NOT-FOR-US: McAfee Vulnerability Manager
-CVE-2014-1471
- RESERVED
+CVE-2014-1471 (SQL injection vulnerability in the StateGetStatesByType function in ...)
- otrs2 3.3.4-1
NOTE: https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/
CVE-2014-1470
@@ -896,8 +942,8 @@ CVE-2014-1460
RESERVED
CVE-2014-1459
RESERVED
-CVE-2014-1458
- RESERVED
+CVE-2014-1458 (Cross-site scripting (XSS) vulnerability in the web administration ...)
+ TODO: check
CVE-2014-1457
RESERVED
CVE-2014-1456
@@ -927,8 +973,8 @@ CVE-2014-1441
NOT-FOR-US: Core FTP Server
CVE-2014-1440
RESERVED
-CVE-2014-1439
- RESERVED
+CVE-2014-1439 (The libxml_disable_entity_loader function in ...)
+ TODO: check
CVE-2014-1437
RESERVED
CVE-2014-1436
@@ -1023,8 +1069,7 @@ CVE-2014-1409
RESERVED
CVE-2014-1404
RESERVED
-CVE-2014-1403
- RESERVED
+CVE-2014-1403 (Cross-site scripting (XSS) vulnerability in name.html in easyXDM ...)
NOT-FOR-US: easyXDM
CVE-2014-1397
RESERVED
@@ -1407,8 +1452,8 @@ CVE-2014-1206 (SQL injection vulnerability in the password reset page in Open We
NOT-FOR-US: Open Web Analytics
CVE-2014-1205
RESERVED
-CVE-2014-1204
- RESERVED
+CVE-2014-1204 (SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and ...)
+ TODO: check
CVE-2014-1202 (The WSDL/WADL import functionality in SoapUI before 4.6.4 allows ...)
NOT-FOR-US: SoapUI
CVE-2014-1201 (Buffer overflow in the INetViewX ActiveX control in the Lorex Edge ...)
@@ -1794,16 +1839,16 @@ CVE-2014-0836 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar S
NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-0835 (Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar ...)
NOT-FOR-US: IBM Security QRadar SIEM
-CVE-2014-0834
- RESERVED
-CVE-2014-0833
- RESERVED
-CVE-2014-0832
- RESERVED
-CVE-2014-0831
- RESERVED
-CVE-2014-0830
- RESERVED
+CVE-2014-0834 (IBM General Parallel File System (GPFS) 3.4 through 3.4.0.27 and 3.5 ...)
+ TODO: check
+CVE-2014-0833 (The OAC component in IBM Financial Transaction Manager (FTM) 2.0 ...)
+ TODO: check
+CVE-2014-0832 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2014-0831 (Cross-site request forgery (CSRF) vulnerability in the OAC component ...)
+ TODO: check
+CVE-2014-0830 (Directory traversal vulnerability in the table-export implementation ...)
+ TODO: check
CVE-2014-0829
RESERVED
CVE-2014-0828
@@ -1838,8 +1883,8 @@ CVE-2014-0814
RESERVED
CVE-2014-0813
RESERVED
-CVE-2014-0812
- RESERVED
+CVE-2014-0812 (Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 ...)
+ TODO: check
CVE-2014-0811
RESERVED
CVE-2014-0810 (Unspecified vulnerability in JustSystems Sanshiro 2007 before update ...)
@@ -1876,8 +1921,7 @@ CVE-2014-0795
RESERVED
CVE-2014-0794 (Cross-site scripting (XSS) vulnerability in JV Comment (com_jvcomment) ...)
NOT-FOR-US: JV Comment Joomla Extension
-CVE-2014-0793
- RESERVED
+CVE-2014-0793 (Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas ...)
NOT-FOR-US: Komento Joomla Extension
CVE-2014-0792 (Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to ...)
NOT-FOR-US: Sonatype Nexus
@@ -1951,12 +1995,11 @@ CVE-2014-0759
RESERVED
CVE-2014-0758
RESERVED
-CVE-2014-0757
- RESERVED
+CVE-2014-0757 (Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 ...)
+ TODO: check
CVE-2014-0756
RESERVED
-CVE-2014-0755
- RESERVED
+CVE-2014-0755 (Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not ...)
NOT-FOR-US: Rockwell Automation RSLogix
CVE-2014-0754
RESERVED
@@ -2094,8 +2137,7 @@ CVE-2014-0688
RESERVED
CVE-2014-0687
RESERVED
-CVE-2014-0686
- RESERVED
+CVE-2014-0686 (Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) ...)
NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0685
RESERVED
@@ -2478,8 +2520,7 @@ CVE-2014-0499
RESERVED
CVE-2014-0498
RESERVED
-CVE-2014-0497
- RESERVED
+CVE-2014-0497 (Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x ...)
NOT-FOR-US: Flash plugin
CVE-2014-0496 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
NOT-FOR-US: Adobe Reader
@@ -2868,8 +2909,8 @@ CVE-2014-0331
RESERVED
CVE-2014-0330
RESERVED
-CVE-2014-0329
- RESERVED
+CVE-2014-0329 (The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded ...)
+ TODO: check
CVE-2014-0328
RESERVED
CVE-2014-0327
@@ -3514,8 +3555,7 @@ CVE-2014-0021 [traffic amplification in cmdmon protocol]
CVE-2014-0020
RESERVED
- pidgin 2.10.8-1
-CVE-2014-0019 [PROXY-CONNECT address overflow]
- RESERVED
+CVE-2014-0019 (Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and ...)
- socat 1.7.2.3-1 (low; bug #736993)
[squeeze] - socat <no-dsa> (Minor issue)
[wheezy] - socat <no-dsa> (Minor issue)
@@ -3526,8 +3566,7 @@ CVE-2014-0017
RESERVED
CVE-2014-0016
RESERVED
-CVE-2014-0015
- RESERVED
+CVE-2014-0015 (cURL and libcurl 7.10.6 through 7.34.0, when more than one ...)
{DSA-2849-1}
- curl 7.35.0-1
CVE-2014-0014
@@ -3566,8 +3605,7 @@ CVE-2014-0003
RESERVED
CVE-2014-0002
RESERVED
-CVE-2014-0001 [command-line tool buffer overflow via long server version string]
- RESERVED
+CVE-2014-0001 (Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before ...)
- mysql-5.1 <removed>
- mysql-5.5 <unfixed> (bug #737596)
- mariadb-5.5 <unfixed> (bug #737597)
